github.com/fafucoder/cilium@v1.6.11/examples/kubernetes-kafka/kafka-sw-security-policy.yaml (about) 1 apiVersion: "cilium.io/v2" 2 kind: CiliumNetworkPolicy 3 description: "Allow only permitted Kafka requests to empire Kafka broker" 4 metadata: 5 name: "secure-empire-kafka" 6 specs: 7 - endpointSelector: 8 matchLabels: 9 app: kafka 10 ingress: 11 - fromEndpoints: 12 - matchLabels: 13 app: empire-hq 14 toPorts: 15 - ports: 16 - port: "9092" 17 protocol: TCP 18 rules: 19 kafka: 20 - role: "produce" 21 topic: "deathstar-plans" 22 - role: "produce" 23 topic: "empire-announce" 24 - fromEndpoints: 25 - matchLabels: 26 app: kafka 27 - endpointSelector: 28 matchLabels: 29 app: kafka 30 ingress: 31 - fromEndpoints: 32 - matchLabels: 33 app: empire-outpost 34 toPorts: 35 - ports: 36 - port: "9092" 37 protocol: TCP 38 rules: 39 kafka: 40 - role: "consume" 41 topic: "empire-announce" 42 - endpointSelector: 43 matchLabels: 44 app: kafka 45 ingress: 46 - fromEndpoints: 47 - matchLabels: 48 app: empire-backup 49 toPorts: 50 - ports: 51 - port: "9092" 52 protocol: TCP 53 rules: 54 kafka: 55 - role: "consume" 56 topic: "deathstar-plans"