apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-kube-api
  namespace: sealed-secrets
spec:
  egress:
    - toEntities:
        - kube-apiserver
    - toPorts:
        - ports:
            - port: "6443"
              protocol: TCP
  endpointSelector:
    matchLabels:
      app.kubernetes.io/instance: sealed-secrets