apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-microsoft-sso
  namespace: kube-system
spec:
  description: Allow Microsoft SSO
  egress:
    - toFQDNs:
        - matchName: login.microsoftonline.com
        - matchPattern: '*.microsoftonline.com'
        - matchName: graph.microsoft.com
  endpointSelector:
    matchLabels:
      k8s-app: oauth2-proxy