apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: ingress-ingress
  namespace: ingress-nginx
spec:
  endpointSelector:
    matchLabels:
      rpi5.cluster.policy/ingress-ingress: "true"
  ingress:
    - fromEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: ingress-nginx
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/component: controller
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/component: controller
  egress:
    - toEndpoints:
        - matchLabels:
            rpi5.cluster.policy/ingress-ingress: "true"
          matchExpressions:
            - key: io.kubernetes.pod.namespace
              operator: Exists
---
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: egress-ingress
  namespace: ingress-nginx
spec:
  endpointSelector:
    matchLabels:
      rpi5.cluster.policy/egress-ingress: "true"
  egress:
    - toEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: ingress-nginx
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/component: controller
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: egress-nginx
  namespace: ingress-nginx
spec:
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/component: controller
  ingress:
    - fromEndpoints:
        - matchLabels:
            rpi5.cluster.policy/egress-ingress: "true"
          matchExpressions:
            - key: io.kubernetes.pod.namespace
              operator: Exists