{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: allow-namespace-traffic
spec:
  description: "Allow all traffic within a namespace, allow dns, allow egress to all entities in cluster"
  endpointSelector: {}
  ingress:
    - fromEndpoints:
      - matchExpressions:
        - key: io.kubernetes.pod.namespace
          operator: Exists
  egress:
    - toEndpoints:
      - matchExpressions:
        - key: io.kubernetes.pod.namespace
          operator: Exists
    - toEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
          rules:
            dns:
              - matchPattern: "*"
{{- end }}