From c893082e6f48971608dac22c1a6f475f94b599fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Sat, 1 Nov 2025 14:00:11 +0100
Subject: [PATCH] fix(cert-manager): Allow webhook -> remote-node

---
 .../policies/allow-remote-node-webhook.yaml    | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml

diff --git a/values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml b/values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml
new file mode 100644
index 00000000..2a8bac65
--- /dev/null
+++ b/values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-remote-node-webhooks
+  namespace: cert-manager
+spec:
+  endpointSelector:
+    matchLabels: {}
+  ingress:
+  - fromEntities:
+    - kube-apiserver
+    - remote-node
+  - toPorts:
+    - ports:
+      - port: "8443"
+        protocol: TCP
+{{- end }}