KKloud TarusKKloud Tarus
  • Blog
  • Series
  • Team
  • About

Blog

Thoughts on engineering, design, and building great products.

SeriesAll postsNetworkPolicyAIAPFAPIAPI GatewayARPAWSAdmissionAffinityAggregationAnsibleAppArmorArchitectureAuthenticationAuthorization
NetworkPolicy: A Firewall By Label
DevOpsSecurity

NetworkPolicy: A Firewall By Label

By default every pod in the cluster talks freely with every other — flat and open. This article uses NetworkPolicy to lock it down: deny all ingress to a pod, then allow only the right labels through, tested for real on a Cilium cluster. And because the cluster runs eBPF, we get to watch Hubble print DROPPED/FORWARDED verdicts per packet, with Cilium identity proving policy attaches to labels, not IPs.

K
KaiMay 24, 2026· 14 views
KKloud TarusKKloud Tarus

Explore. Build. Share.

  • Blog
  • Team
  • About
© 2026 KKloud Tarus. All rights reserved.