cilium
56 строк · 1.2 Кб
1apiVersion: "cilium.io/v2"
2kind: CiliumNetworkPolicy
3metadata:
4name: "secure-empire-kafka"
5specs:
6- description: Allow only permitted Kafka requests to empire Kafka broker
7endpointSelector:
8matchLabels:
9app: kafka
10ingress:
11- fromEndpoints:
12- matchLabels:
13app: empire-hq
14toPorts:
15- ports:
16- port: "9092"
17protocol: TCP
18rules:
19kafka:
20- role: "produce"
21topic: "deathstar-plans"
22- role: "produce"
23topic: "empire-announce"
24- fromEndpoints:
25- matchLabels:
26app: kafka
27- endpointSelector:
28matchLabels:
29app: kafka
30ingress:
31- fromEndpoints:
32- matchLabels:
33app: empire-outpost
34toPorts:
35- ports:
36- port: "9092"
37protocol: TCP
38rules:
39kafka:
40- role: "consume"
41topic: "empire-announce"
42- endpointSelector:
43matchLabels:
44app: kafka
45ingress:
46- fromEndpoints:
47- matchLabels:
48app: empire-backup
49toPorts:
50- ports:
51- port: "9092"
52protocol: TCP
53rules:
54kafka:
55- role: "consume"
56topic: "deathstar-plans"
57