fix: add cilium cluster feature guards to network policies

values/argo/manifests/policies/CiliumNetworkPolicy-allow-applicationset-ingress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
     - fromEndpoints:
         - matchLabels:
             io.kubernetes.pod.namespace: ingress-nginx
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-argo-notifications.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/component: notifications-controller
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-argo-repo-access-applicationset.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/component: applicationset-controller
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-argo-repo-access.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/component: repo-server
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-chartmuseum-ingress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
     - fromEndpoints:
         - matchLabels:
             io.kubernetes.pod.namespace: ingress-nginx
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-image-updater-repo-access.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/name: argocd-image-updater
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-ingress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
     - fromEndpoints:
         - matchLabels:
             io.kubernetes.pod.namespace: ingress-nginx
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-kube-api.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -14,3 +15,4 @@ spec:
               protocol: TCP
   endpointSelector:
     matchLabels: {}
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-microsoft-sso.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -14,3 +15,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/name: argocd-dex-server
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics-rollout.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -16,3 +17,4 @@ spec:
         - ports:
             - port: "8090"
               protocol: TCP
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics-workflows.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -16,3 +17,4 @@ spec:
         - ports:
             - port: "9090"
               protocol: TCP
+{{- end }}

values/argo/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -28,3 +29,4 @@ spec:
               protocol: TCP
             - port: "5558"
               protocol: TCP
+{{- end }}

values/atlantis/manifests/network/allow-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 # apiVersion: cilium.io/v2
 # kind: CiliumNetworkPolicy
 # metadata:
@@ -13,3 +14,4 @@
 #     - ports:
 #       - port: "6443"
 #         protocol: TCP
+{{- end }}

values/atlantis/manifests/network/allow-external-services.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -9,3 +10,4 @@ spec:
     - matchName: id.barentswatch.no
   endpointSelector:
     matchLabels: {}
+{{- end }}

values/atlantis/manifests/network/allow-sentry.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -10,3 +11,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/name: atlantis
+{{- end }}

values/atlantis/manifests/network/atlantis-policies.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 # apiVersion: cilium.io/v2
 # kind: CiliumClusterwideNetworkPolicy
 # metadata:
@@ -23,3 +24,4 @@
 #     # - matchPattern: '*.gitlab.com'
 #   endpointSelector:
 #     matchLabels: {}
+{{- end }}

values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-api-server-to-cert-manager.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   ingress:
     - fromEntities:
         - remote-node
+{{- end }}

values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -10,3 +11,4 @@ spec:
         - kube-apiserver
   endpointSelector:
     matchLabels: {}
+{{- end }}

values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -16,3 +17,4 @@ spec:
         - ports:
             - port: "9402"
               protocol: TCP
+{{- end }}

values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-world-traffic.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -10,3 +11,4 @@ spec:
         - world
   endpointSelector:
     matchLabels: {}
+{{- end }}

values/cilium/cilium-manifests/dashboards/cilium-policy-verdicts.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -1112,3 +1113,4 @@ data:
       "version": 1,
       "weekStart": ""
     }
+{{- end }}

values/cilium/cilium-manifests/loadbalancer.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 {{if .Values.cilium.loadbalancerPool.enabled }}
 apiVersion: "cilium.io/v2alpha1"
 kind: CiliumLoadBalancerIPPool
@@ -21,3 +22,4 @@ spec:
   externalIPs: true
   loadBalancerIPs: true
 {{- end}}
+{{- end }}

values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-cilium-health-checks.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
@@ -13,3 +14,4 @@ spec:
   ingress:
     - fromEntities:
         - remote-node
+{{- end }}

values/cilium/spire-manifests/CiliumNetworkPolicy-allow-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -13,3 +14,4 @@ spec:
               protocol: TCP
   endpointSelector:
     matchLabels: {}
+{{- end }}

values/cilium/spire-manifests/CiliumNetworkPolicy-allow-remote-node-to-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -13,3 +14,4 @@ spec:
         - ports:
             - port: "8081"
               protocol: TCP
+{{- end }}

values/csi-addons-system/manifests/allow-9070-host.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: "cilium.io/v2"
 kind: CiliumNetworkPolicy
 metadata:
@@ -26,3 +27,4 @@ spec:
     - toEntities:
         - remote-node
   endpointSelector: {}
+{{- end }}

values/dapr/manifests/network/allow-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -13,3 +14,4 @@ spec:
     - ports:
       - port: "6443"
         protocol: TCP
+{{- end }}

values/dapr/manifests/network/allow-remote-node.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -14,3 +15,4 @@ spec:
     - ports:
       - port: "4000"
         protocol: TCP
+{{- end }}

values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
     matchLabels:
       app.kubernetes.io/component: controller
       app.kubernetes.io/instance: ingress-nginx
+{{- end }}

values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-hubble-traffic.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
     matchLabels:
       app.kubernetes.io/component: controller
       app.kubernetes.io/instance: ingress-nginx
+{{- end }}

values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -15,3 +16,4 @@ spec:
         - ports:
             - port: "9913"
               protocol: TCP
+{{- end }}

values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-s3-traffic.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -17,3 +18,4 @@ spec:
     matchLabels:
       app.kubernetes.io/component: controller
       app.kubernetes.io/instance: ingress-nginx
+{{- end }}

values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-world-to-ingress-nginx.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -17,3 +18,4 @@ spec:
               protocol: TCP
             - port: "443"
               protocol: TCP
+{{- end }}

values/loki/manifests/network/CiliumNetworkPolicy-allow-loki-backend-to-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -16,3 +17,4 @@ spec:
     matchLabels:
       app.kubernetes.io/component: backend
       app.kubernetes.io/instance: loki
+{{- end }}

values/loki/manifests/network/CiliumNetworkPolicy-allow-prometheus-metrics.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -18,3 +19,4 @@ spec:
               protocol: TCP
             - port: "3500"
               protocol: TCP
+{{- end }}

values/loki/manifests/network/CiliumNetworkPolicy-allow-promtail-to-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -15,3 +16,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/instance: promtail
+{{- end }}

values/loki/manifests/network/CiliumNetworkPolicy-allow-s3-traffic.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -10,3 +11,4 @@ spec:
         - 10.255.241.30/32
   endpointSelector:
     matchLabels: {}
+{{- end }}

values/loki/manifests/network/CiliumNetworkPolicy-allow-s3.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/instance: loki
+{{- end }}

values/loki/manifests/network/CiliumNetworkPolicy-allow-stats-grafana.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/instance: loki
+{{- end }}

values/opentelemetry-collector/manifests/network/CiliumNetworkPolicy-allow-otel-collector-loadbalancer-ingress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   ingress:
     - fromEntities:
         - world
+{{- end }}

values/plausible/manifests/network/CiliumNetworkPolicy-allow-ext.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,4 +12,5 @@ spec:
         - matchName: raw.githubusercontent.com
   endpointSelector:
     matchLabels:
-      app.kubernetes.io/name: plausible-analytics
+      app.kubernetes.io/name: plausible-analytics
+{{- end }}

values/plausible/manifests/network/CiliumNetworkPolicy-allow-gravatar.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,4 +13,5 @@ spec:
         - matchName: www.gravatar.com
   endpointSelector:
     matchLabels:
-      app.kubernetes.io/name: plausible-analytics
+      app.kubernetes.io/name: plausible-analytics
+{{- end }}

values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -14,3 +15,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/instance: postgres-operator
+{{- end }}

values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -13,3 +14,4 @@ spec:
         - ports:
             - port: "9443"
               protocol: TCP
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alerting.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/instance: prom-alertmanager
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alertmanager-ingress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
     - fromEndpoints:
         - matchLabels:
             io.kubernetes.pod.namespace: ingress-nginx
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-dns-metrics.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -13,3 +14,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/name: prometheus
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-etcd-metrics.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -13,3 +14,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/name: prometheus
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-ingress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
     - fromEndpoints:
         - matchLabels:
             io.kubernetes.pod.namespace: ingress-nginx
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-oidc-login.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -14,3 +15,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/name: grafana
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-plugins.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -13,3 +14,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/name: grafana
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-secure-gravatar.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/name: grafana
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
         - kube-apiserver
   endpointSelector:
     matchLabels: {}
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-nginx-ingress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
     - fromEndpoints:
         - matchLabels:
             io.kubernetes.pod.namespace: ingress-nginx
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-opencost-scrape.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -17,3 +18,4 @@ spec:
         - ports:
             - port: "9090"
               protocol: TCP
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-metrics-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   ingress:
     - fromEntities:
         - remote-node
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-webhook.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   ingress:
     - fromEntities:
         - remote-node
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-robusta-ingress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
     - fromEndpoints:
         - matchLabels:
             io.kubernetes.pod.namespace: robusta
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-slack.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -10,3 +11,4 @@ spec:
         - matchName: hooks.slack.com
   endpointSelector:
     matchLabels: {}
+{{- end }}

values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-stats-grafana.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -11,3 +12,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/name: grafana
+{{- end }}

values/rabbitmq/network.bak/CiliumNetworkPolicy-allow-inter-node-traffic.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -50,3 +51,4 @@ spec:
             - port: "35680"
             - port: "35681"
             - port: "35682"
+{{- end }}

values/rabbitmq/network.bak/CiliumNetworkPolicy-allow-operator-traffic.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -16,3 +17,4 @@ spec:
         - ports:
             - port: "15672"
             - port: "15671"
+{{- end }}

values/rabbitmq/network.bak/CiliumNetworkPolicy-allow-rabbitmq-traffic.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -25,3 +26,4 @@ spec:
             - port: "15675"
             - port: "15692"
             - port: "15691"
+{{- end }}

values/rabbitmq/network.bak/policy-allow-rabbitmq.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -15,3 +16,4 @@ spec:
       - port: "15672"
         protocol: TCP
 
+{{- end }}

values/system/oceanbox/network/allow-azure-egress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
@@ -13,3 +14,4 @@ spec:
         protocol: TCP
   endpointSelector: {}
 
+{{- end }}

values/system/oceanbox/network/allow-ceph-egress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
@@ -15,3 +16,4 @@ spec:
     #     protocol: TCP
   endpointSelector: {}
 
+{{- end }}

values/system/oceanbox/network/allow-microsoft-oidc-login.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
@@ -8,3 +9,4 @@ spec:
   - toFQDNs:
     - matchName: login.microsoftonline.com
     - matchPattern: '*.microsoftonline.com'
+{{- end }}

values/system/oceanbox/network/clusterpolicy-allow-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
@@ -8,3 +9,4 @@ spec:
   egress:
   - toEntities:
     - kube-apiserver
+{{- end }}

values/system/oceanbox/network/clusterpolicy-allow-ekman-egress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
@@ -20,3 +21,4 @@ spec:
         protocol: TCP
       - port: "30080"
         protocol: TCP
+{{- end }}

values/system/oceanbox/network/clusterpolicy-allow-namespace-traffic.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
@@ -26,3 +27,4 @@ spec:
           rules:
             dns:
               - matchPattern: "*"
+{{- end }}

values/system/oceanbox/network/clusterpolicy-allow-oceanboxio.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
@@ -10,3 +11,4 @@ spec:
     - matchPattern: "*oceanbox.io"
     - matchPattern: "*.oceanbox.io"
 
+{{- end }}

values/system/oceanbox/network/clusterpolicy-allow-remote-node.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
@@ -8,3 +9,4 @@ spec:
   ingress:
   - fromEntities:
     - kube-apiserver
+{{- end }}

values/tempo/manifests/network/CiliumNetworkPolicy-allow-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -12,3 +13,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/instance: tempo
+{{- end }}

values/velero/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -14,3 +15,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/instance: velero
+{{- end }}

values/velero/manifests/policies/CiliumNetworkPolicy-allow-job-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -14,3 +15,4 @@ spec:
   endpointSelector:
     matchLabels:
       batch.kubernetes.io/job-name: velero-upgrade-crds
+{{- end }}

values/velero/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -15,3 +16,4 @@ spec:
         - ports:
             - port: "8085"
               protocol: TCP
+{{- end }}

values/x509-exporter/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -14,3 +15,4 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/instance: x509-exporter
+{{- end }}

values/x509-exporter/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -15,3 +16,4 @@ spec:
         - ports:
             - port: "9793"
               protocol: TCP
+{{- end }}