# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumclusterwidenetworkpolicy_v2.json
---
# Host-level policy for the Kubernetes API server on control-plane nodes.
# A CiliumClusterwideNetworkPolicy that uses nodeSelector is a host policy:
# it is enforced only when Cilium's host firewall is enabled.
# NOTE(review): once a host policy with ingress/egress rules selects a node,
# traffic in that direction that no policy allows is dropped. This file allows
# only load balancer -> 6443 and -> remote-node:10250; confirm that other
# policies cover whatever else these nodes need (e.g. in-cluster API clients,
# etcd, DNS, SSH), and consider rolling out under policy audit mode first.
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: api-server
spec:
  nodeSelector:
    # apply to master nodes
    # NOTE(review): this matches only nodes whose label value is the string
    # 'true'. Some distributions set this label with an empty value, in which
    # case the policy selects nothing and silently protects nothing; verify
    # against the labels actually present on the control-plane nodes.
    matchLabels:
      node-role.kubernetes.io/control-plane: 'true'
  ingress:
    # load balancer -> api server
    # Only this single address (/32) may reach the API server port.
    - fromCIDR:
        - 167.235.217.82/32
      toPorts:
        - ports:
            # Kept quoted so the port stays a string rather than an integer.
            - port: '6443'
              protocol: TCP
  egress:
    # api server -> kubelet
    # remote-node covers the other nodes of the cluster; 10250 is the port
    # the comment above attributes to the kubelet.
    - toEntities:
        - remote-node
      toPorts:
        - ports:
            - port: '10250'
              protocol: TCP