wip: Match chart to k8s state

values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-allow-acme-solvers.yaml

@@ -1,13 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
-  name: allow-acme-solvers
-spec:
-  description: Policy for ingress for Acme Solvers.
-  endpointSelector:
-    matchLabels:
-      acme.cert-manager.io/http01-solver: "true"
-  ingress:
-    - fromEndpoints:
-        - matchLabels:
-            io.kubernetes.pod.namespace: ingress-nginx

values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-allow-dns.yaml

@@ -1,24 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
-  name: allow-dns
-spec:
-  description: 'description: Allow only dns traffic by default. Also acts as a deny-all policy'
-  egress:
-    - toEndpoints:
-        - matchLabels:
-            io.kubernetes.pod.namespace: kube-system
-            k8s-app: kube-dns
-      toPorts:
-        - ports:
-            - port: "53"
-              protocol: UDP
-        - rules:
-            dns:
-              - matchPattern: '*'
-  endpointSelector:
-    matchExpressions:
-      - key: io.kubernetes.pod.namespace
-        operator: NotIn
-        values:
-          - kube-system

values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-allow-mariadb-operator.yaml

@@ -1,18 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
-  name: allow-mariadb-operator
-spec:
-  description: allow mariadb instances to be reached by operator
-  endpointSelector:
-    matchLabels:
-      app.kubernetes.io/name: mariadb
-  ingress:
-    - fromEndpoints:
-        - matchLabels:
-            app.kubernetes.io/name: mariadb-operator
-            io.kubernetes.pod.namespace: mariadb-operator
-      toPorts:
-        - ports:
-            - port: "3306"
-              protocol: TCP

values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-allow-s3.yaml

@@ -1,20 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
-  name: allow-s3-traffic
-spec:
-  description: Policy for egress for CNPG Backups.
-  egress:
-    - toFQDNs:
-      {{- range .Values.clusterConfig.s3.hosts }}
-        - matchName: {{ . | quote }}
-      {{- end }}
-      {{- range .Values.clusterConfig.s3.patterns }}
-        - matchPattern: {{ . | quote }}
-      {{- end }}
-    - toCIDR:
-      {{- range .Values.clusterConfig.s3.cidr }}
-        - {{ . | quote }}
-      {{- end }}
-  endpointSelector:
-    matchLabels: {}

values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-deny-all.yaml

@@ -1,9 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
-  name: deny-all
-spec:
-  description: Deny all
-  egress: []
-  endpointSelector: {}
-  ingress: []