Cilium network policy

Cilium network policy

Resource NetworkPolicy only supports layer 3 and 4

Introduces custom resource CiliumNetworkPolicy

Filtering based on Services

Support for filtering on layer 7, e.g. HTTP

Deny policies

Host policies

Demo

Check endpoints in cilium agent

Check dropped packets

Egress

Allow DNS from test1

Allow HTTP from test1 to test2

Ingress

Allow HTTP from test2 to test3

Filter based on HTTP info

Other

Filter DNS requests