apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: allow-atlantis-services
  namespace: {{ .Release.Namespace }}
spec:
  egress:
  - toEndpoints:
    - matchLabels:
        k8s:io.kubernetes.pod.namespace: dapr-system
  - toEndpoints:
    - matchLabels:
        k8s:io.kubernetes.pod.namespace: {{ .Values.rabbitmq.namespace | default "rabbitmq" }}
  - toEndpoints:
    - matchLabels:
        k8s:io.kubernetes.pod.namespace: {{ .Values.tracing.namespace | default "otel" }}
  - toFQDNs:
    - matchName: dapr.github.io
    - matchName: analytics.loft.rocks
    # - matchName: gitlab.com
    # - matchName: api.github.com
    - matchPattern: "*.k1.itpartner.no"
    - matchPattern: '*.oceanbox.io'
    # - matchPattern: '*.gitlab.com'
  endpointSelector:
    matchLabels: {}