apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: thelounge namespace: irc spec: endpointSelector: matchLabels: app.kubernetes.io/name: thelounge ingress: - fromEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: gateway-system k8s:gateway.networking.k8s.io/gateway-name: external toPorts: - ports: - port: "9000" protocol: TCP - fromEntities: - host toPorts: - ports: - port: "9000" protocol: TCP egress: - toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: kube-dns toPorts: - ports: - port: "53" protocol: ANY rules: dns: - matchPattern: "*" - toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: auth k8s:app.kubernetes.io/name: authentik-outpost-ldap k8s:goauthentik.io/outpost-type: ldap toPorts: - ports: - port: "389" protocol: TCP - toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: irc k8s:app.kubernetes.io/name: znc toPorts: - ports: - port: "6501" protocol: TCP - toFQDNs: - matchName: "irc.passthepopcorn.me" toPorts: - ports: - port: "6697" protocol: TCP