apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-controller-metrics
  namespace: kube-system
spec:
  description: Allow Controller Metrics
  endpointSelector:
    matchLabels:
      k8s-app: kube-controller-manager
  ingress:
    - fromEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: prometheus
    - toPorts:
        - ports:
            - port: "10257"
              protocol: TCP