CPG – Generate Cilium network policies from dropped Hubble flows

1•soulkyu•1h ago
I run Cilium with default-deny on a few clusters. Every time a new service deploys, something gets blocked, and I end up in the same loop: read Hubble logs, find the dropped flow, write the CiliumNetworkPolicy YAML, apply, wait, repeat.

I wrote CPG to skip that loop. It connects to Hubble Relay, streams denied flows, and generates the policy files. TCP/UDP, ICMP, reserved entities, CIDR — it handles what I've needed so far. If a policy already exists on disk, it merges the new rules in without duplicates.

It's a CLI tool in Go. You can also install it as a kubectl plugin via krew (PR pending). It auto port-forwards to hubble-relay, so there's zero setup beyond having Cilium running.

Built most of this with Claude as copilot, so fair warning on that front.

Would be curious to hear if others have a different approach to the default-deny policy bootstrapping.

Here is the link: https://github.com/SoulKyu/cpg
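
The flow-to-policy step the post describes, as an added example (not CPG's code and not part of the original post): it reads constructed flow records reduced to a few fields of `hubble observe -o json`, keeps ingress drops on TCP/UDP, and merges one rule per flow into a CiliumNetworkPolicy without duplicates. Selecting workloads by their `app` label and the `allow-to-<app>` policy name are assumptions made for the example.

```python
import json

def flow_line(verdict, src, dst, proto, port, direction="INGRESS"):
    """Constructed sample record, reduced to the `hubble observe -o json` fields used here."""
    ep = lambda app: {"namespace": "shop", "labels": [f"k8s:app={app}"]}
    return json.dumps({"flow": {"verdict": verdict, "traffic_direction": direction,
                                "source": ep(src), "destination": ep(dst),
                                "l4": {proto: {"destination_port": port}}}})

SAMPLE = [flow_line("DROPPED", "frontend", "backend", "TCP", 8080),
          flow_line("DROPPED", "frontend", "backend", "TCP", 8080),   # retry of the same flow
          flow_line("FORWARDED", "frontend", "cache", "TCP", 6379),   # already allowed
          flow_line("DROPPED", "worker", "backend", "UDP", 9125)]

def app_of(endpoint):
    """Assumption: workloads are selected by their `app` label."""
    apps = [l.split("=", 1)[1] for l in endpoint.get("labels", []) if l.startswith("k8s:app=")]
    return apps[0] if apps else None

def rule_from_flow(line):
    """Return (namespace, app, ingress_rule) for an ingress drop on TCP/UDP, else None."""
    flow = json.loads(line).get("flow", {})
    src, dst = flow.get("source", {}), flow.get("destination", {})
    if flow.get("verdict") != "DROPPED" or flow.get("traffic_direction") != "INGRESS":
        return None
    for proto, l4 in flow.get("l4", {}).items():
        if proto in ("TCP", "UDP") and app_of(src) and app_of(dst):
            # Pin the peer to its namespace so the rule does not widen to same-named apps.
            peer = {"app": app_of(src), "k8s:io.kubernetes.pod.namespace": src["namespace"]}
            ports = [{"port": str(l4["destination_port"]), "protocol": proto}]
            return dst["namespace"], app_of(dst), {"fromEndpoints": [{"matchLabels": peer}],
                                                   "toPorts": [{"ports": ports}]}
    return None

def merge(policies, lines):
    """Add each new rule to the policy for its destination workload, skipping duplicates."""
    for ns, app, rule in filter(None, map(rule_from_flow, lines)):
        cnp = policies.setdefault((ns, app), {
            "apiVersion": "cilium.io/v2", "kind": "CiliumNetworkPolicy",
            "metadata": {"name": f"allow-to-{app}", "namespace": ns},  # hypothetical naming
            "spec": {"endpointSelector": {"matchLabels": {"app": app}}, "ingress": []}})
        if rule not in cnp["spec"]["ingress"]:
            cnp["spec"]["ingress"].append(rule)
    return policies

if __name__ == "__main__":
    for cnp in merge({}, SAMPLE).values():
        print(json.dumps(cnp, indent=2))  # kubectl accepts JSON manifests
```

Every generated rule is an allow derived from observed traffic, so review each one before applying it: a drop that default-deny blocked correctly would otherwise become a permanent allow.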

Comments

JumpingVPN2027•36m ago
Interesting approach.

Out of curiosity — how do you maintain a stable session identity if the underlying transport path changes (for example NAT rebinding or relay migration)?

Is it tied to a cryptographic token or internal session state?
