github.com/looshlee/cilium@v1.6.12/examples/kubernetes-kafka/kafka-sw-security-policy.yaml (about)

     1  apiVersion: "cilium.io/v2"
     2  kind: CiliumNetworkPolicy
     3  description: "Allow only permitted Kafka requests to empire Kafka broker"
     4  metadata:
     5    name: "secure-empire-kafka"
     6  specs:
     7    - endpointSelector:
     8        matchLabels:
     9          app: kafka
    10      ingress:
    11      - fromEndpoints:
    12        - matchLabels:
    13            app: empire-hq
    14        toPorts:
    15        - ports:
    16          - port: "9092"
    17            protocol: TCP
    18          rules:
    19            kafka:
    20            - role: "produce"
    21              topic: "deathstar-plans"
    22            - role: "produce"
    23              topic: "empire-announce"
    24      - fromEndpoints:
    25        - matchLabels:
    26            app: kafka
    27    - endpointSelector:
    28        matchLabels:
    29          app: kafka
    30      ingress:
    31      - fromEndpoints:
    32        - matchLabels:
    33            app: empire-outpost
    34        toPorts:
    35        - ports:
    36          - port: "9092"
    37            protocol: TCP
    38          rules:
    39            kafka:
    40            - role: "consume"
    41              topic: "empire-announce"
    42    - endpointSelector:
    43        matchLabels:
    44          app: kafka
    45      ingress:
    46      - fromEndpoints:
    47        - matchLabels:
    48            app: empire-backup
    49        toPorts:
    50        - ports:
    51          - port: "9092"
    52            protocol: TCP
    53          rules:
    54            kafka:
    55            - role: "consume"
    56              topic: "deathstar-plans"