refactor: move resorces and policies to system

values/system/oceanbox/network/atlantis/allow-api-server.yaml

@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-kube-api
+  namespace: atlantis
+spec:
+  endpointSelector:
+    matchLabels: {}
+  egress:
+  - toEntities:
+    - kube-apiserver
+    toPorts:
+    - ports:
+      - port: "6443"
+        protocol: TCP

values/system/oceanbox/network/atlantis/atlantis-policies.yaml

@@ -0,0 +1,26 @@
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: allow-atlantis-services
+  namespace: {{ .Release.Namespace }}
+spec:
+  egress:
+  - toEndpoints:
+    - matchLabels:
+        k8s:io.kubernetes.pod.namespace: dapr-system
+  - toEndpoints:
+    - matchLabels:
+        k8s:io.kubernetes.pod.namespace: {{ .Values.rabbitmq.namespace | default "rabbitmq" }}
+  - toEndpoints:
+    - matchLabels:
+        k8s:io.kubernetes.pod.namespace: {{ .Values.tracing.namespace | default "otel" }}
+  - toFQDNs:
+    - matchName: dapr.github.io
+    - matchName: analytics.loft.rocks
+    # - matchName: gitlab.com
+    # - matchName: api.github.com
+    - matchPattern: "*.k1.itpartner.no"
+    - matchPattern: '*.oceanbox.io'
+    # - matchPattern: '*.gitlab.com'
+  endpointSelector:
+    matchLabels: {}