cilium

1
apiVersion: "cilium.io/v2"
2
kind: CiliumNetworkPolicy
3
metadata:
4
  name: "secure-empire-kafka"
5
specs:
6
  - description: Allow only permitted Kafka requests to empire Kafka broker
7
    endpointSelector:
8
      matchLabels:
9
        app: kafka
10
    ingress:
11
    - fromEndpoints:
12
      - matchLabels:
13
          app: empire-hq
14
      toPorts:
15
      - ports:
16
        - port: "9092"
17
          protocol: TCP
18
        rules:
19
          kafka:
20
          - role: "produce"
21
            topic: "deathstar-plans"
22
          - role: "produce"
23
            topic: "empire-announce"
24
    - fromEndpoints:
25
      - matchLabels:
26
          app: kafka
27
  - endpointSelector:
28
      matchLabels:
29
        app: kafka
30
    ingress:
31
    - fromEndpoints:
32
      - matchLabels:
33
          app: empire-outpost
34
      toPorts:
35
      - ports:
36
        - port: "9092"
37
          protocol: TCP
38
        rules:
39
          kafka:
40
          - role: "consume"
41
            topic: "empire-announce"
42
  - endpointSelector:
43
      matchLabels:
44
        app: kafka
45
    ingress:
46
    - fromEndpoints:
47
      - matchLabels:
48
          app: empire-backup
49
      toPorts:
50
      - ports:
51
        - port: "9092"
52
          protocol: TCP
53
        rules:
54
          kafka:
55
          - role: "consume"
56
            topic: "deathstar-plans"
57