github.com/fafucoder/cilium@v1.6.11/examples/kubernetes-es/es-sw-policy.yaml

github.com/fafucoder/cilium@v1.6.11/examples/kubernetes-es/es-sw-policy.yaml (about)

     1  apiVersion: cilium.io/v2
     2  kind: CiliumNetworkPolicy
     3  metadata:
     4    name: secure-empire-elasticsearch
     5    namespace: default
     6  specs:
     7  - endpointSelector:
     8      matchLabels:
     9        component: elasticsearch
    10    ingress:
    11    - fromEndpoints:
    12      - matchLabels:
    13          app: spaceship
    14      toPorts:
    15      - ports:
    16        - port: "9200"
    17          protocol: TCP
    18        rules:
    19          http:
    20          - method: ^PUT$
    21            path: ^/spaceship_diagnostics/stats/.*$
    22    - fromEndpoints:
    23      - matchLabels:
    24          app: empire-hq
    25      toPorts:
    26      - ports:
    27        - port: "9200"
    28          protocol: TCP
    29        rules:
    30          http:
    31          - method: ^GET$
    32            path: ^/spaceship_diagnostics/_search/??.*$
    33          - method: ^GET$
    34            path: ^/troop_logs/_search/??.*$
    35    - fromEndpoints:
    36      - matchLabels:
    37          app: outpost
    38      toPorts:
    39      - ports:
    40        - port: "9200"
    41          protocol: TCP
    42        rules:
    43          http:
    44          - method: ^PUT$
    45            path: ^/troop_logs/log/.*$
    46  - egress:
    47    - toEndpoints:
    48      - matchExpressions:
    49        - key: k8s:io.kubernetes.pod.namespace
    50          operator: Exists
    51    - toEntities:
    52      - cluster
    53      - host
    54    endpointSelector: {}
    55    ingress:
    56    - {}