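# Least-privilege egress for agent Job namespaces.
#
# Once an endpoint is selected by a policy that has an `egress` section, Cilium
# drops every egress flow not explicitly allowed below. In particular there is
# no `toEntities` (world, cluster, kube-apiserver) and no `toCIDR`, so agent pods
# cannot reach the Internet or the Kubernetes API server. Ingress is not
# affected by this policy. Allowed destinations:
# - DNS (kube-dns)
# - LiteLLM (all LLM traffic is proxied here)
# - MCP tool plane
# - Postgres (LangGraph AsyncPostgresSaver checkpoints + structured agent state)
#
# Object storage (MinIO) is intentionally absent from this list, so agent pods
# cannot reach it directly. The MCP-side access to MinIO is governed by the
# policies applied to the MCP namespaces, not by this object.
---
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: agentic-os-ai-agents-egress
spec:
  endpointSelector:
    matchExpressions:
      # Select pods by their Cilium namespace identity label. This must be the
      # same key the egress rules use (`k8s:io.kubernetes.pod.namespace`);
      # a key Cilium does not derive matches no endpoints, and a policy that
      # selects nothing leaves these namespaces with unrestricted egress.
      # Verify after apply, e.g. `cilium policy selectors` shows non-zero
      # identities for this policy.
      - key: k8s:io.kubernetes.pod.namespace
        operator: In
        values:
          - ai-agents-gumbo
          - ai-agents-bernard
  egress:
    # DNS: L3/L4 only. No `rules.dns` section, so queries are neither logged nor
    # restricted by name, and `toFQDNs` cannot be used in this policy. Adding
    # `rules: { dns: [{ matchPattern: "*" }] }` would give visibility without
    # narrowing anything (requires the Cilium DNS proxy to be enabled).
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
            - port: "53"
              protocol: TCP
    # LiteLLM proxy: the only path to LLM providers; the proxy egress policy
    # (outside this file) is where provider endpoints are allow-listed.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: ai-core
            app.kubernetes.io/name: litellm
      toPorts:
        - ports:
            - port: "4000"
              protocol: TCP
    # MCP tool plane. NOTE(review): this selects every pod in tools-mcp on
    # 8080/3000, not only the MCP servers; add a workload label here if the
    # namespace hosts anything else.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: tools-mcp
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
            - port: "3000"
              protocol: TCP
    # Postgres (CloudNativePG cluster). Selecting by `cnpg.io/cluster` covers
    # primary and replica pods; authn/authz is enforced by Postgres itself.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: platform-data
            cnpg.io/cluster: agentic-os-pg
      toPorts:
        - ports:
            - port: "5432"
              protocol: TCP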