Cilium provides security on multiple levels. Each can be used individually or combined together.
Identity-based: Connectivity policies between endpoints (Layer 3), e.g. any endpoint with label role=frontend can connect to any endpoint with label
Restriction of accessible ports (Layer 4) for both incoming and outgoing connections, e.g. endpoint with label role=frontend can only make outgoing connections on port 443 (https) and endpoint role=backend can only accept connections on port 443 (https).
Fine-grained access control on application protocol level to secure HTTP and remote procedure call (RPC) protocols, e.g. the endpoint with label role=frontend can only perform the REST API call GET /userdata/[0-9]+, all other API interactions with
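
The three layers described above, written as Cilium policy objects. This is an added example, not taken from the original page; the policy names are hypothetical, and using role=backend as the target of the Layer 3 and Layer 7 rules is an assumption.

```yaml
# Added example. Policy names are hypothetical.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: frontend-egress-https
spec:
  endpointSelector:
    matchLabels:
      role: frontend
  egress:
    # Layer 4: frontend may only open outgoing connections to TCP/443.
    # Once an egress rule selects an endpoint, all other egress from it
    # is denied, so DNS lookups would need their own rule.
    - toPorts:
        - ports:
            - port: "443"
              protocol: TCP
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: backend-ingress-userdata
spec:
  endpointSelector:
    matchLabels:
      role: backend        # assumption: backend is the protected endpoint
  ingress:
    # Layer 3: only endpoints carrying the identity label role=frontend.
    - fromEndpoints:
        - matchLabels:
            role: frontend
      # Layer 4: only TCP/443 is accepted.
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
          # Layer 7: only GET /userdata/<digits> is allowed.
          # HTTP rules are enforced by a proxy that must see plaintext
          # HTTP; TLS-encrypted traffic on this port cannot be matched
          # by method and path unless it is decrypted first.
          rules:
            http:
              - method: "GET"
                path: "/userdata/[0-9]+"
```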