github.com/looshlee/cilium@v1.6.12/examples/kubernetes-grpc/cc-door-ingress-security.yaml

github.com/looshlee/cilium@v1.6.12/examples/kubernetes-grpc/cc-door-ingress-security.yaml (about)

     1  apiVersion: "cilium.io/v2"
     2  kind: CiliumNetworkPolicy
     3  description: "L7 policy to allow public terminals to call GetName, GetLocation, and RequestMaintenance, but not GetState, or SetAccessCode on the Door Manager Service"
     4  metadata:
     5    name: "rule1"
     6  spec:
     7    endpointSelector:
     8      matchLabels:
     9        app: cc-door-mgr 
    10    ingress:
    11    - fromEndpoints:
    12      - matchLabels:
    13          app: public-terminal
    14      toPorts:
    15      - ports:
    16        - port: "50051"
    17          protocol: TCP
    18        rules:
    19          http:
    20          - method: "POST" 
    21            path: "/cloudcity.DoorManager/GetName"
    22          - method: "POST" 
    23            path: "/cloudcity.DoorManager/GetLocation"
    24          - method: "POST" 
    25            path: "/cloudcity.DoorManager/RequestMaintenance"