apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-external-idp
spec:
  egress:
  - toFQDNs:
    - matchName: gitlab.com
    - matchPattern: '*.gitlab.com'
    - matchName: login.microsoftonline.com
    - matchName: graph.microsoft.com
    - matchName: idp.*.oceanbox.io
    - matchName: auth.*.oceanbox.io
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: cerbos