Introduction
Cilium provides security on multiple levels. Each can be used individually or combined together.
- Identity-based: Connectivity policies between endpoints (Layer 3), e.g. any endpoint with label role=frontend can connect to any endpoint with label role=backend.
- Restriction of accessible ports (Layer 4) for both incoming and outgoing connections, e.g. an endpoint with label role=frontend can only make outgoing connections on port 443 (https) and an endpoint with label role=backend can only accept connections on port 443 (https).
- Fine-grained access control on the application protocol level to secure HTTP and remote procedure call (RPC) protocols, e.g. the endpoint with label role=frontend can only perform the REST API call GET /userdata/[0-9]+; all other API interactions with role=backend are restricted.
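The three levels above expressed as CiliumNetworkPolicy objects, as an added example rather than a snippet from the Cilium documentation; the policy names, the single-namespace layout and the plain-TCP port choice are assumptions.

```yaml
# Egress side (Layer 3 + Layer 4): pods labelled role=frontend may only open
# connections to pods labelled role=backend, and only on TCP/443.
# Note: as soon as an endpoint is selected by a policy with an egress section,
# every other egress flow from it is denied (default deny for that direction).
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: frontend-egress-to-backend   # assumed name
spec:
  description: "frontend may only reach backend on 443"
  endpointSelector:
    matchLabels:
      role: frontend
  egress:
  - toEndpoints:
    - matchLabels:
        role: backend
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
---
# Ingress side (Layer 3 + Layer 4 + Layer 7): pods labelled role=backend accept
# connections only from role=frontend, only on TCP/443, and of that HTTP traffic
# only GET /userdata/<digits>; any other request is rejected by the L7 proxy.
# Caveat: HTTP rules require Cilium's proxy to see the request in plaintext, so
# with TLS on 443 this additionally needs Cilium's TLS visibility configuration.
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: backend-ingress-from-frontend   # assumed name
spec:
  description: "backend accepts only GET /userdata/[0-9]+ from frontend"
  endpointSelector:
    matchLabels:
      role: backend
  ingress:
  - fromEndpoints:
    - matchLabels:
        role: frontend
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
      rules:
        http:
        - method: "GET"
          path: "/userdata/[0-9]+"   # regex, matched against the whole path
```

Apply both objects with kubectl apply -f, then verify with cilium monitor or hubble observe that a GET /userdata/42 from a frontend pod is forwarded while a POST or a request to another path returns an HTTP 403 from the proxy.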