[Verse 1]
Three gatekeepers patrol your cluster's gates
NetworkPolicy shields where data waits
Broker traffic locked behind ingress rules
Only trusted pods can use these tools
Selectors match the labels on each port
Deny by default keeps invaders short
[Chorus]
Lock the brokers, cage the zoo
Label selectors know what's true
Three policies guard the wire
Ingress, egress, namespace choir
Lock the brokers, cage the zoo
Traffic rules will see you through
[Verse 2]
ZooKeeper whispers secrets in the dark
Internal chatter needs a special mark
Isolate the quorum from outside reach
Port twenty-one-eighty-one stays out of breach
ClusterIP masks the ensemble's dance
No external eyes get half a chance
[Chorus]
Lock the brokers, cage the zoo
Label selectors know what's true
Three policies guard the wire
Ingress, egress, namespace choir
Lock the brokers, cage the zoo
Traffic rules will see you through
[Bridge]
Namespace selectors carve the boundaries clean
App equals kafka in the matching scene
Pod selectors drill down to the core
Component equals broker opens the door
Allow from specific namespaces only
Deny all others, keep it lonely
[Verse 3]
Third policy paints the allowed list white
Specific pods get the connection right
MatchLabels filter who can speak
PodSelector finds what you seek
From development namespace to production zone
Each gets its tunnel, each stands alone
[Chorus]
Lock the brokers, cage the zoo
Label selectors know what's true
Three policies guard the wire
Ingress, egress, namespace choir
Lock the brokers, cage the zoo
Traffic rules will see you through
[Outro]
Three walls standing guard tonight
Kafka sleeps secure and tight
Network policies hold the line
Your streaming fortress, by design