Introduction
Cilium provides security on multiple levels. Each can be used individually or combined together.
- Identity-Based: Connectivity policies between endpoints (Layer 3), e.g. any endpoint with label role=frontend can connect to any endpoint with label role=backend.
- Restriction of accessible ports (Layer 4) for both incoming and outgoing connections, e.g. endpoint with label role=frontend can only make outgoing connections on port 443 (https) and endpoint role=backend can only accept connections on port 443 (https).
- Fine-grained access control on application protocol level to secure HTTP and remote procedure call (RPC) protocols, e.g. the endpoint with label role=frontend can only perform the REST API call GET /userdata/[0-9]+, all other API interactions with role=backend are restricted.
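The three levels above combined in one pair of CiliumNetworkPolicy objects. This is an added example, not taken from the original page; the policy names are hypothetical, and the labels, port and path are the ones used in the text.

```yaml
# Ingress side: what role=backend accepts.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: backend-allow-frontend-userdata   # hypothetical name
spec:
  endpointSelector:
    matchLabels:
      role: backend
  ingress:
    - fromEndpoints:                # Layer 3: identity of the peer, by label
        - matchLabels:
            role: frontend
      toPorts:
        - ports:                    # Layer 4: only TCP 443 is accepted
            - port: "443"
              protocol: TCP
          rules:
            http:                   # Layer 7: only this REST call is allowed
              - method: "GET"
                path: "/userdata/[0-9]+"
---
# Egress side: what role=frontend may initiate.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: frontend-egress-backend-443       # hypothetical name
spec:
  endpointSelector:
    matchLabels:
      role: frontend
  egress:
    # Once an egress rule selects the endpoint, egress that no rule allows
    # is dropped in the default enforcement mode. That includes DNS, so a
    # real deployment usually needs a separate rule for it.
    - toEndpoints:
        - matchLabels:
            role: backend
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

The HTTP rule can only match requests the proxy sees in cleartext; if the traffic on port 443 is TLS-encrypted end to end, the method and path are not visible without TLS inspection or termination in front of the endpoint.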