github.com/fafucoder/cilium@v1.6.11/test/k8sT/manifests/kafka-sw-security-policy.yaml

github.com/fafucoder/cilium@v1.6.11/test/k8sT/manifests/kafka-sw-security-policy.yaml (about)

     1  apiVersion: "cilium.io/v2"
     2  kind: CiliumNetworkPolicy
     3  description: "Allow only permitted Kafka requests to empire Kafka broker"
     4  metadata:
     5    name: "kafka-sw-security-policy"
     6  specs:
     7    - endpointSelector:
     8        matchLabels:
     9          app: kafka
    10      ingress:
    11      - fromEndpoints:
    12        - matchLabels:
    13            "reserved:host": ""
    14        toPorts:
    15        - ports:
    16          - port: "9092"
    17            protocol: TCP
    18    - endpointSelector:
    19        matchLabels:
    20          app: kafka
    21      egress:
    22      - toEndpoints:
    23        - matchLabels:
    24            k8s-app: kube-dns
    25            "k8s:io.kubernetes.pod.namespace": kube-system
    26    - endpointSelector:
    27        matchLabels:
    28          app: kafka
    29      ingress:
    30      - fromEndpoints:
    31        - matchLabels:
    32            app: empire-hq
    33        toPorts:
    34        - ports:
    35          - port: "9092"
    36            protocol: TCP
    37          rules:
    38            kafka:
    39            - apiKey: "apiversions"
    40            - apiKey: "metadata"
    41            - apiKey: "produce"
    42              topic: "deathstar-plans"
    43            - apiKey: "produce"
    44              topic: "empire-announce"
    45      - fromEndpoints:
    46        - matchLabels:
    47            app: kafka
    48    - endpointSelector:
    49        matchLabels:
    50          app: kafka
    51      ingress:
    52      - fromEndpoints:
    53        - matchLabels:
    54            app: empire-outpost
    55        toPorts:
    56        - ports:
    57          - port: "9092"
    58            protocol: TCP
    59          rules:
    60            kafka:
    61            - apiKey: "fetch"
    62              topic: "empire-announce"
    63            - apiKey: "apiversions"
    64            - apiKey: "metadata"
    65            - apiKey: "findcoordinator"
    66            - apiKey: "joingroup"
    67            - apiKey: "leavegroup"
    68            - apiKey: "syncgroup"
    69            - apiKey: "offsets"
    70            - apiKey: "offsetcommit"
    71            - apiKey: "offsetfetch"
    72            - apiKey: "heartbeat"
    73    - endpointSelector:
    74        matchLabels:
    75          app: kafka
    76      ingress:
    77      - fromEndpoints:
    78        - matchLabels:
    79            app: empire-backup
    80        toPorts:
    81        - ports:
    82          - port: "9092"
    83            protocol: TCP
    84          rules:
    85            kafka:
    86            - apiKey: "fetch"
    87              topic: "deathstar-plans"
    88            - apiKey: "apiversions"
    89            - apiKey: "metadata"
    90            - apiKey: "findcoordinator"
    91            - apiKey: "joingroup"
    92            - apiKey: "leavegroup"
    93            - apiKey: "syncgroup"
    94            - apiKey: "offsets"
    95            - apiKey: "offsetcommit"
    96            - apiKey: "offsetfetch"
    97            - apiKey: "heartbeat"