fix: make cilium s3 policies global

apps/sys/charts/sys-cilium-policies/templates/kyverno/CiliumNetworkPolicy-allow-api-server.yaml

@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-api-server
+  namespace: kyverno
+spec:
+  egress:
+    - toEntities:
+        - kube-apiserver
+    - toPorts:
+        - ports:
+            - port: "6443"
+              protocol: TCP
+  endpointSelector:
+    matchLabels: {}

apps/sys/charts/sys-cilium-policies/templates/kyverno/CiliumNetworkPolicy-allow-prometheus-metrics.yaml

@@ -0,0 +1,17 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-prometheus-metrics
+  namespace: kyverno
+spec:
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/instance: kyverno
+  ingress:
+    - fromEndpoints:
+        - matchLabels:
+            io.kubernetes.pod.namespace: prometheus
+    - toPorts:
+        - ports:
+            - port: "8000"
+              protocol: TCP

apps/sys/charts/sys-cilium-policies/templates/kyverno/CiliumNetworkPolicy-allow-remote-node-to-kyverno.yaml

@@ -0,0 +1,12 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-remote-node-to-kyverno
+  namespace: kyverno
+spec:
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/instance: kyverno
+  ingress:
+    - fromEntities:
+        - remote-node