github.com/looshlee/cilium@v1.6.12/examples/kubernetes-cassandra/cass-sw-security-policy.yaml

github.com/looshlee/cilium@v1.6.12/examples/kubernetes-cassandra/cass-sw-security-policy.yaml (about)

     1  apiVersion: "cilium.io/v2"
     2  kind: CiliumNetworkPolicy
     3  description: "Allow only permitted requests to empire Cassandra server"
     4  metadata:
     5    name: "secure-empire-cassandra"
     6  specs:
     7    - endpointSelector:
     8        matchLabels:
     9          app: cass-server
    10      ingress:
    11      - fromEndpoints:
    12        - matchLabels:
    13            app: empire-outpost
    14        toPorts:
    15        - ports:
    16          - port: "9042"
    17            protocol: TCP
    18          rules:
    19            l7proto: cassandra
    20            l7: 
    21            - query_action: "select"
    22              query_table: "system\\..*" 
    23            - query_action: "select"
    24              query_table: "system_schema\\..*" 
    25            - query_action: "insert"
    26              query_table: "attendance.daily_records"
    27      - fromEndpoints:
    28        - matchLabels:
    29            app: empire-hq
    30        toPorts:
    31        - ports:
    32          - port: "9042"
    33            protocol: TCP
    34          rules:
    35            l7proto: cassandra
    36            l7: 
    37            - {}