{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: {{ template "kube-prometheus-stack.operator.fullname" . }}
  namespace: {{ template "kube-prometheus-stack.namespace" . }}
  labels:
    {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
spec:
  endpointSelector:
    matchLabels:
      {{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
      app: {{ template "kube-prometheus-stack.name" . }}-operator
      {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
      {{- else }}
      {{- include "kube-prometheus-stack.prometheus-operator.labels" $ | nindent 6 }}
      {{- end }}
  egress:
    {{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
    {{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
    {{- else }}
  - toEntities:
    - kube-apiserver
  {{- end }}
  ingress:
  - toPorts:
    - ports:
      {{- if .Values.prometheusOperator.tls.enabled }}
      - port: {{ .Values.prometheusOperator.tls.internalPort | quote }}
      {{- else }}
      - port: "8080"
      {{- end }}
        protocol: "TCP"
      {{- if not .Values.prometheusOperator.tls.enabled }}
      rules:
        http:
        - method: "GET"
          path: "/metrics"
      {{- end }}
{{- end }}