apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-api-server-to-cert-manager
  namespace: cert-manager
spec:
  description: Allow the API server to communicate with the cert-manager pods
  endpointSelector:
    matchLabels:
      app.kubernetes.io/instance: cert-manager
  ingress:
    - fromEntities:
        - remote-node