apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-ingress
  namespace: bytestash
spec:
  description: "Allow external traffic from the shared Cilium edge proxy into the bytestash service"
  endpointSelector:
    matchLabels:
      app: bytestash
  ingress:
    - fromEntities:
        - ingress
    - fromEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: cilium-ingress
      toPorts:
        - ports:
            - port: "80"
              protocol: TCP
            - port: "5000"
              protocol: TCP