apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: allow-kubeapi
  namespace: woodpecker
spec:
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: agent
  egress:
  - toEntities:
    - kube-apiserver
  - toPorts:
    - ports:
      - port: "6443"
        protocol: TCP