From ea0ca82feb113ac467110ec692a456466c503d27 Mon Sep 17 00:00:00 2001 From: Simon Weald <7832341+glitchcrab@users.noreply.github.com> Date: Tue, 23 Jan 2024 13:57:50 +0000 Subject: [PATCH] add CiliumNetworkPolicy (#67) --- CHANGELOG.md | 4 ++++ helm/sloth/templates/cilium-network-policy.yaml | 16 ++++++++++++++++ helm/sloth/values.schema.json | 8 ++++++++ helm/sloth/values.yaml | 3 +++ 4 files changed, 31 insertions(+) create mode 100644 helm/sloth/templates/cilium-network-policy.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 04490e9..282883b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s ## [Unreleased] +### Added + +- Add `CiliumNetworkPolicy`. + ## [1.2.1] - 2023-06-27 ### Fixed diff --git a/helm/sloth/templates/cilium-network-policy.yaml b/helm/sloth/templates/cilium-network-policy.yaml new file mode 100644 index 0000000..efb077f --- /dev/null +++ b/helm/sloth/templates/cilium-network-policy.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ciliumNetworkPolicy.enabled -}} +apiVersion: "cilium.io/v2" +kind: CiliumNetworkPolicy +metadata: + labels: + {{- include "sloth.labels" . | nindent 4 }} + name: {{ include "sloth.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + endpointSelector: + matchLabels: + {{- include "sloth.selectorLabels" . | nindent 6 }} + egress: + - toEntities: + - kube-apiserver +{{- end -}} diff --git a/helm/sloth/values.schema.json b/helm/sloth/values.schema.json index ee78dcc..ba79502 100644 --- a/helm/sloth/values.schema.json +++ b/helm/sloth/values.schema.json @@ -2,6 +2,14 @@ "$schema": "http://json-schema.org/schema#", "type": "object", "properties": { + "ciliumNetworkPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, "commonPlugins": { "type": "object", "properties": { diff --git a/helm/sloth/values.yaml b/helm/sloth/values.yaml index f6836fb..514bd83 100644 --- a/helm/sloth/values.yaml 
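Review bot: The `spec` in helm/sloth/templates/cilium-network-policy.yaml carries only an `egress` section, so this policy restricts outbound traffic to `kube-apiserver` but places no limit on inbound connections to the selected pods. Cilium applies default-deny per direction, and only for directions a selecting policy has rules for, so ingress stays governed by whatever other policies exist in the namespace, if any. If the intent is to isolate the workload, add an `ingress` rule that admits only the expected scraper. If ingress is deliberately left open, say so above `spec:` with a comment such as `# Egress only: sloth talks to the API server; ingress is intentionally not restricted here.` The template also renders whenever the value is true, with no check that the cluster serves the API group; a guard such as `{{- if and .Values.ciliumNetworkPolicy.enabled (.Capabilities.APIVersions.Has "cilium.io/v2") -}}` would keep installs working on clusters without the Cilium CRDs.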
+++ b/helm/sloth/values.yaml @@ -5,6 +5,9 @@ image: repository: giantswarm/sloth tag: v0.11.0 +ciliumNetworkPolicy: + enabled: true + # -- Container resources: requests and limits for CPU, Memory resources: limits:
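Review bot: The new `ciliumNetworkPolicy` key in helm/sloth/values.yaml defaults to `enabled: true` but has no `# --` description, unlike the `resources` entry directly below it. Because the default turns on egress filtering for every install, operators should be able to see what the switch does and what it requires without reading the template. A comment in the file's existing style would cover it, for example `# -- Render a CiliumNetworkPolicy limiting pod egress to the kube-apiserver (requires the Cilium CRDs)`.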