Introduction
Cilium provides security on multiple levels. Each can be used individually or combined together.
- Identity-Based: Connectivity policies between endpoints (Layer 3), e.g. any endpoint with label `role=frontend` can connect to any endpoint with label `role=backend`.
- Restriction of accessible ports (Layer 4) for both incoming and outgoing connections, e.g. endpoint with label `role=frontend` can only make outgoing connections on port 443 (https) and endpoint `role=backend` can only accept connections on port 443 (https).
- Fine-grained access control on application protocol level to secure HTTP and remote procedure call (RPC) protocols, e.g. the endpoint with label `role=frontend` can only perform the REST API call `GET /userdata/[0-9]+`, all other API interactions with `role=backend` are restricted.
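The three levels above, written as two CiliumNetworkPolicy objects. This is an added example, not taken from the Cilium documentation; the policy names `backend-ingress-l7` and `frontend-egress-l4` are hypothetical, and the labels, port and path are the ones used in the list.

```yaml
# Added example: policy names are hypothetical, labels/port/path come from the text above.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: backend-ingress-l7
spec:
  # Policy applies to endpoints labelled role=backend.
  endpointSelector:
    matchLabels:
      role: backend
  ingress:
  # Layer 3 (identity): only endpoints labelled role=frontend may connect.
  - fromEndpoints:
    - matchLabels:
        role: frontend
    # Layer 4: only TCP port 443 is accepted.
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
      # Layer 7: only GET /userdata/<digits> is allowed; other HTTP requests are rejected.
      rules:
        http:
        - method: "GET"
          path: "/userdata/[0-9]+"
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: frontend-egress-l4
spec:
  # Policy applies to endpoints labelled role=frontend.
  endpointSelector:
    matchLabels:
      role: frontend
  egress:
  # Layer 3 + Layer 4: outgoing connections only to role=backend on TCP 443.
  # Because an egress rule now selects this endpoint, other egress
  # (including DNS lookups) is dropped unless a further rule allows it.
  - toEndpoints:
    - matchLabels:
        role: backend
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
```

The HTTP rule is enforced by Cilium's proxy, which has to see the request line. If the connection on port 443 is TLS-encrypted end to end, the method and path are not visible to it unless TLS inspection is configured separately.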