apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-dns-world
  namespace: kube-system
spec:
  description: Allow DNS World
  egress:
    - toCIDR:
        - 8.8.8.8/32
        - 172.31.254.11/32
        - 1.1.1.1/32
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
          rules:
            dns:
              - matchPattern: '*'
    - toEntities:
        - world
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
          rules:
            dns:
              - matchPattern: '*'
  endpointSelector:
    matchLabels:
      k8s-app: kube-dns