# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumclusterwidenetworkpolicy_v2.json
---
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: kubelet
spec:
  nodeSelector:
    # apply to all nodes
    matchLabels: {}
  ingress:
  # api server -> kubelet
  - fromEntities:
    - kube-apiserver
    toPorts:
    - ports:
      - port: '10250'
        protocol: TCP
  egress:
  # kubelet -> load balancer
  - toCIDR:
    - 167.235.217.82/32
    toEntities:
      - host
    toPorts:
    - ports:
      - port: '6443'
        protocol: TCP