https://marktaguiad.dev/tags/networkpolicy/ Recent content in Networkpolicy on marktaguiad.dev Hugo en-us marktaguiad@marktaguiad.dev (Mark Taguiad) marktaguiad@marktaguiad.dev (Mark Taguiad) marktaguiad.dev Tue, 28 Apr 2026 00:00:00 +0000 https://marktaguiad.dev/post/k8s-cilium-policy-dos/ Tue, 28 Apr 2026 00:00:00 +0000marktaguiad@marktaguiad.dev (Mark Taguiad) https://marktaguiad.dev/post/k8s-cilium-policy-dos/ <p><code>CiliumNetworkPolicy</code> (CNP) is the most commonly used policy type in Cilium.</p> <p>It is namespace-scoped, meaning the policy applies only within the namespace where it is created.</p> <p>This is the policy most teams use for real-world application security because it enables zero-trust controls at Layer 3, Layer 4, and Layer 7.</p> <p>If Kubernetes NetworkPolicy is a basic firewall, CiliumNetworkPolicy is the full application-aware policy engine.</p> <p>What discussed and showed here is similar with <code>CiliumClusterwideNetworkPolicy</code>, the only difference it the policy is cluster wide. Read more on that topic and how to combine these policies.</p> https://marktaguiad.dev/post/k8s-cilium-policy-uno/ Sun, 26 Apr 2026 00:00:00 +0000marktaguiad@marktaguiad.dev (Mark Taguiad) https://marktaguiad.dev/post/k8s-cilium-policy-uno/ <p>When people first start working with Cilium policies, the easiest way to understand them is to group them into two simple ideas:</p> <ol> <li>Who can talk to what?</li> <li>What they’re allowed to do once connected?</li> </ol> <p>That mental model maps directly to how Cilium builds policy enforcement—from basic workload isolation all the way up to application-aware HTTP filtering.</p> <p>If you already think in terms of namespace rules and Layer 7 rules like HTTP GET/POST like we did in <a href="https://marktaguiad.dev/post/k8s-istio-uno/">Istio</a>, you’re already on the right track. Cilium simply expands that model into something much more powerful and much more granular.</p>