wip: unify sys and apps

apps/charts/sys-cilium-policies/templates/minio-operator/CiliumClusterwideNetworkPolicy-allow-kube-api.yaml

@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: allow-kube-api
+spec:
+  description: Allow access to the Kube API server
+  egress:
+    - toEntities:
+        - kube-apiserver
+      toPorts:
+        - ports:
+            - port: "6443"
+              protocol: TCP
+  endpointSelector:
+    matchLabels:
+      app: minio

apps/charts/sys-cilium-policies/templates/minio-operator/CiliumClusterwideNetworkPolicy-allow-minio-operator.yaml

@@ -0,0 +1,17 @@
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: allow-minio-operator
+spec:
+  description: Allow access to the Kube API server
+  endpointSelector:
+    matchLabels:
+      app: minio
+  ingress:
+    - fromEndpoints:
+        - matchLabels:
+            io.kubernetes.pod.namespace: minio-operator
+      toPorts:
+        - ports:
+            - port: "9000"
+              protocol: TCP

apps/charts/sys-cilium-policies/templates/minio-operator/CiliumClusterwideNetworkPolicy-allow-nodeport-ingress.yaml

@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: allow-nodeport-ingress
+spec:
+  description: Allow access to the Kube API server
+  endpointSelector:
+    matchLabels:
+      app: minio
+  ingress:
+    - fromEntities:
+        - world
+      toPorts:
+        - ports:
+            - port: "9000"
+              protocol: TCP

apps/charts/sys-cilium-policies/templates/minio-operator/CiliumNetworkPolicy-allow-kube-api.yaml

@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-kube-api
+  namespace: minio-operator
+spec:
+  description: Allow access to the Kube API server
+  egress:
+    - toEntities:
+        - kube-apiserver
+      toPorts:
+        - ports:
+            - port: "6443"
+              protocol: TCP
+  endpointSelector:
+    matchLabels: {}