# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumclusterwidenetworkpolicy_v2.json
---
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: api-server
spec:
  nodeSelector:
    # apply to master nodes
    matchLabels:
      node-role.kubernetes.io/control-plane: 'true'
  ingress:
  # load balancer -> api server
  - fromCIDR:
    - 167.235.217.82/32
    toPorts:
    - ports:
      - port: '6443'
        protocol: TCP
  egress:
  # api server -> kubelet
  - toEntities:
    - remote-node
    toPorts:
    - ports:
      - port: '10250'
        protocol: TCP