docs: Cilium network policy assessment (HOMELAB-141) #12

Merged
aaron merged 2 commits from plane/HOMELAB-141-cilium-network-policies into live 2026-03-22 20:59:06 +00:00
Owner

Summary

  • Add ADR-008: evaluation of which intra-cluster traffic rules can be managed via CiliumNetworkPolicy CRDs vs OPNsense
  • Document VLAN limitation (cilium/cilium#40247) — host firewall policies ignored on tagged VLANs
  • Add 4 sample manifests: default deny, DNS allow, monitoring scrape allow, system namespace protection
  • Samples are NOT deployed by ArgoCD — they serve as a starting point for future rollout

Test plan

  • Review ADR-008 for accuracy of OPNsense vs Cilium responsibility split
  • Verify sample manifests have correct Cilium CRD syntax (apiVersion, kind, spec)
  • Confirm VLAN limitation documentation matches cilium/cilium#40247
  • Validate protected namespace list matches spec/safety.md

🤖 Generated with Claude Code

docs: add Cilium network policy assessment and sample manifests (HOMELAB-141)
Some checks failed
CI Review / helm-validate (pull_request) Failing after 2s
CI Review / ai-review (pull_request) Failing after 1s
Lint & Validate / terraform-validate (pull_request) Failing after 1s
Lint & Validate / yaml-lint (pull_request) Failing after 1s
Lint & Validate / shellcheck (pull_request) Failing after 1s
5d1732b6e0
Evaluate which intra-cluster traffic rules can be managed via
CiliumNetworkPolicy CRDs vs OPNsense. Add ADR-008 documenting the
layered security model and VLAN limitation (cilium/cilium#40247).
Include 4 sample manifests: default deny, DNS allow, monitoring
scrape allow, and system namespace protection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fix: correct CiliumClusterwideNetworkPolicy type in README (HOMELAB-141)
Some checks failed
CI Review / helm-validate (pull_request) Failing after 1s
CI Review / ai-review (pull_request) Failing after 1s
Lint & Validate / terraform-validate (pull_request) Failing after 1s
Lint & Validate / yaml-lint (pull_request) Failing after 1s
Lint & Validate / shellcheck (pull_request) Failing after 1s
731ca37a41
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Owner

Playwright MCP Validation Test

This comment validates that Playwright MCP screenshots can be attached to Forgejo PR comments.

Test: Navigated to Forgejo homepage and captured screenshot.

Forgejo homepage screenshot

Result: PASS

aaron merged commit d5215fef3d into live 2026-03-22 20:59:06 +00:00
Reference
aaron/infra-core!12