Talk

Virtual

From IPs to identities: Dynamic network policies with Cilium & Argo CD

Static IP rules fail in dynamic Kubernetes. This talk explores how Cilium and Argo CD leverage workload identity, in the form of labels and service accounts, to enforce network policies that adapt automatically as workloads scale and change.


Kubernetes makes spinning up workloads easy, but controlling how they communicate at scale is hard. IP-based network policies quickly break as pods are created, destroyed, and rescheduled. This talk shows how Cilium enables identity-based networking using Kubernetes-native concepts like labels and service accounts. Policies target what workloads are, not where they run. It walks through a practical GitOps setup with Argo CD and Kustomize to manage policies as code, including namespace-level labeling to enforce rules across dynamic and unmanaged workloads. Finally, it covers observability with Hubble to trace flows, debug denials, and safely roll out stricter policies.


Register for PlatformCon 2026