kind: CiliumNetworkPolicy
apiVersion: cilium.io/v2
metadata:
  name: {{.name}}
  namespace: {{.namespace}}
  labels: "{{ .labels | toYaml | nindent 4 }}"
spec:
  endpointSelector:
    {{ .selector }}
  {{- if .from }}
  ingress:
  - fromEntities:
    - kube-apiserver
    # See https://github.com/cilium/cilium/issues/35401
    - remote-node
  {{- end }}
  {{- if .to }}
  egress:
  - toEntities:
      - kube-apiserver
  - toPorts:
      - ports:
          - port: "6443"
            protocol: TCP
  {{- end }}