@onefoursix
Last active October 14, 2024 02:15
Cilium Network Policy for StreamSets Engines
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: cnp-streamsets-engine
  namespace: <your namespace>
spec:
  endpointSelector:
    matchLabels:
      "streamsets": engine
  egress:
    # Allow egress to StreamSets endpoints
    - toFQDNs:
        - matchName: <your Control Hub URL>
        - matchName: archives.streamsets.com
        - matchName: telemetry.streamsets.com
        - matchName: prod-customer-support-bundles.s3.amazonaws.com
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
    # Allow egress to kube-dns
    - toEndpoints:
        - matchLabels:
            "k8s:io.kubernetes.pod.namespace": kube-system
            "k8s:k8s-app": kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
          rules:
            dns:
              - matchPattern: "*"
    ## Add egress entries for pipeline endpoints. For example:
    # Allow egress to Oracle
    # - toCIDRSet:
    #     - cidr: 105.103.8.18/32
    #   toPorts:
    #     - ports:
    #         - port: "1521"
    #           protocol: TCP
    # Allow egress to Snowflake
    # - toFQDNs:
    #     - matchName: ffnldgw-ecb99572.snowflakecomputing.com
    #     - matchName: ocsp.rootca1.amazontrust.com
    #     - matchName: ocsp.snowflakecomputing.com
    #     - matchName: sfc-prod3-ds1-50-customer-stage.s3.us-west-2.amazonaws.com
    #   toPorts:
    #     - ports:
    #         - port: "80"
    #           protocol: TCP
    #         - port: "443"
    #           protocol: TCP
    # Allow egress to s3-us-west-2-r-w.amazonaws.com
    # - toCIDRSet:
    #     - cidr: 3.5.83.182/32
    #   toPorts:
    #     - ports:
    #         - port: "443"
    #           protocol: TCP
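A pre-apply lint for the policy above, added here as an example and not part of the gist. `make_policy()` transcribes the gist's policy as a Python dict so no YAML library is needed, and `lint_egress()` is a hypothetical helper that checks the two things that silently break or weaken this policy: toFQDNs rules are enforced from DNS answers observed by Cilium's DNS proxy, so the kube-dns egress rule must keep its L7 `rules.dns` section, and the `<...>` placeholders must be filled in before the policy is applied.

```python
# Added example (not part of the gist): lint the gist's CiliumNetworkPolicy
# before applying it. make_policy() is the gist's policy as a dict (constructed).
def make_policy(namespace, hub_fqdn, dns_rule=True):
    """Build the gist's policy; dns_rule=False drops the kube-dns L7 rule."""
    dns_ports = [{"ports": [{"port": "53", "protocol": "UDP"}]}]
    if dns_rule:
        dns_ports[0]["rules"] = {"dns": [{"matchPattern": "*"}]}
    return {
        "apiVersion": "cilium.io/v2",
        "kind": "CiliumNetworkPolicy",
        "metadata": {"name": "cnp-streamsets-engine", "namespace": namespace},
        "spec": {
            "endpointSelector": {"matchLabels": {"streamsets": "engine"}},
            "egress": [
                {"toFQDNs": [{"matchName": hub_fqdn},
                             {"matchName": "archives.streamsets.com"},
                             {"matchName": "telemetry.streamsets.com"},
                             {"matchName": "prod-customer-support-bundles.s3.amazonaws.com"}],
                 "toPorts": [{"ports": [{"port": "443", "protocol": "TCP"}]}]},
                {"toEndpoints": [{"matchLabels": {
                    "k8s:io.kubernetes.pod.namespace": "kube-system",
                    "k8s:k8s-app": "kube-dns"}}],
                 "toPorts": dns_ports},
            ],
        },
    }

def lint_egress(policy):
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    egress = policy["spec"].get("egress", [])
    # toFQDNs is enforced from DNS answers seen by Cilium's DNS proxy, so the
    # policy must also allow DNS through an L7 rules.dns section.
    uses_fqdns = any("toFQDNs" in rule for rule in egress)
    has_dns_rule = any("dns" in (pr.get("rules") or {})
                       for rule in egress for pr in rule.get("toPorts", []))
    if uses_fqdns and not has_dns_rule:
        findings.append("toFQDNs used but no egress rule carries rules.dns")
    for i, rule in enumerate(egress):
        if "toPorts" not in rule:  # no port restriction = any port to that peer
            findings.append(f"egress[{i}] has no toPorts")
        for sel in rule.get("toFQDNs", []):
            name = sel.get("matchName") or sel.get("matchPattern", "")
            if name.startswith("<"):
                findings.append(f"egress[{i}] placeholder {name!r} not filled in")
    if policy["metadata"].get("namespace", "").startswith("<"):
        findings.append("metadata.namespace placeholder not filled in")
    return findings
```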