apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-same-namespace-ingress spec: endpointSelector: {} # All pods in this namespace ingress: - fromEndpoints: - matchExpressions: - key: k8s:io.kubernetes.pod.namespace operator: In values: - cloud-limbosolutions-com --- apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-traefik-to-nextcloud-ingress spec: endpointSelector: matchLabels: app.kubernetes.io/name: nextcloud ingress: # ------------------------------------------------------------- # Allow Traefik (internal and public) to reach nextcloud web port # ------------------------------------------------------------- - fromEndpoints: - matchLabels: app.kubernetes.io/name: traefik matchExpressions: - key: k8s:io.kubernetes.pod.namespace operator: In values: - traefik - traefik-public toPorts: - ports: - port: "80" protocol: TCP --- apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-traefik-to-onlyoffice-ingress spec: endpointSelector: matchLabels: app: onlyoffice ingress: # ------------------------------------------------------------- # Allow Traefik (internal and public) to reach onlyoffice web port # ------------------------------------------------------------- - fromEndpoints: - matchLabels: app.kubernetes.io/name: traefik matchExpressions: - key: k8s:io.kubernetes.pod.namespace operator: In values: - traefik - traefik-public toPorts: - ports: - port: "80" protocol: TCP --- apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-traefik-to-whiteboard-ingress spec: endpointSelector: matchLabels: app: nextcloud-whiteboard ingress: # ------------------------------------------------------------- # Allow Traefik (internal and public) to reach whiteboard ws # ------------------------------------------------------------- - fromEndpoints: - matchLabels: app.kubernetes.io/name: traefik matchExpressions: - key: k8s:io.kubernetes.pod.namespace operator: In values: - traefik - traefik-public toPorts: - ports: - port: "3002" protocol: TCP