feat: allow namespace internal traffic from clusterwide policy

resources/oceanbox-cluster/network-policies/clusterpolicy-allow-namespace-traffic.yaml

@@ -0,0 +1,28 @@
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: allow-namespace-traffic
+spec:
+  description: "Allow all traffic within a namespace, allow dns, allow egress to all entities in cluster"
+  endpointSelector: {}
+  ingress:
+    - fromEndpoints:
+      - matchExpressions:
+        - key: io.kubernetes.pod.namespace
+          operator: Exists
+  egress:
+    - toEndpoints:
+      - matchExpressions:
+        - key: io.kubernetes.pod.namespace
+          operator: Exists
+    - toEndpoints:
+        - matchLabels:
+            io.kubernetes.pod.namespace: kube-system
+            k8s-app: kube-dns
+      toPorts:
+        - ports:
+            - port: "53"
+              protocol: UDP
+          rules:
+            dns:
+              - matchPattern: "*"