apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-dns
  namespace: kube-system
spec:
  description: Allow DNS
  endpointSelector:
    matchLabels:
      k8s-app: kube-dns
  ingress:
    - fromEndpoints:
        - matchExpressions:
            - key: io.kubernetes.pod.namespace
              operator: Exists
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP