GitHub user hpvd added a comment to the discussion: Example for Pulsar secured
by Cilium
Example how its done:
Restrict Kafka Topic Access to the Following Pods
Typically, we’re forced to write networking policies like: "Allow any
application with the label kafka-consumer" to speak to Kafka. This casts a
rather wide net, when with L7 policies we can limit the access to individual
topics depending on the labels. As such, we can say that only the "beer-brewer"
can publish to the hops topic.
this is how code looks:
```
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: beer-brewers
spec:
ingress:
- fromEndpoints:
- matchLabels:
role: beer-brewer
toPorts:
- ports:
- port: 9092
protocol: TCP
rules:
kafka:
- role: produce
topic: hops
```
https://deploy.equinix.com/developers/guides/choosing-a-cni-for-kubernetes
GitHub link:
https://github.com/apache/pulsar/discussions/20650#discussioncomment-6283548
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]
