github.com/looshlee/cilium@v1.6.12/examples/kubernetes-es/es-sw-policy.yaml (about) 1 apiVersion: cilium.io/v2 2 kind: CiliumNetworkPolicy 3 metadata: 4 name: secure-empire-elasticsearch 5 namespace: default 6 specs: 7 - endpointSelector: 8 matchLabels: 9 component: elasticsearch 10 ingress: 11 - fromEndpoints: 12 - matchLabels: 13 app: spaceship 14 toPorts: 15 - ports: 16 - port: "9200" 17 protocol: TCP 18 rules: 19 http: 20 - method: ^PUT$ 21 path: ^/spaceship_diagnostics/stats/.*$ 22 - fromEndpoints: 23 - matchLabels: 24 app: empire-hq 25 toPorts: 26 - ports: 27 - port: "9200" 28 protocol: TCP 29 rules: 30 http: 31 - method: ^GET$ 32 path: ^/spaceship_diagnostics/_search/??.*$ 33 - method: ^GET$ 34 path: ^/troop_logs/_search/??.*$ 35 - fromEndpoints: 36 - matchLabels: 37 app: outpost 38 toPorts: 39 - ports: 40 - port: "9200" 41 protocol: TCP 42 rules: 43 http: 44 - method: ^PUT$ 45 path: ^/troop_logs/log/.*$ 46 - egress: 47 - toEndpoints: 48 - matchExpressions: 49 - key: k8s:io.kubernetes.pod.namespace 50 operator: Exists 51 - toEntities: 52 - cluster 53 - host 54 endpointSelector: {} 55 ingress: 56 - {}