apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: egress-kubeapi
  namespace: kube-system
spec:
  endpointSelector:
    matchLabels:
      rpi5.cluster.policy/egress-kubeapi: "true"
  egress:
    - toEntities:
        - host
        - remote-node
      toPorts:
        - ports:
            - port: "6443"
    - toEntities:
        - kube-apiserver
      toPorts:
        - ports:
            - port: "443"
            - port: "6443"