{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: {{ template "kube-prometheus-stack.fullname" . }}-operator
  namespace: {{ template "kube-prometheus-stack.namespace" . }}
  labels:
    app: {{ template "kube-prometheus-stack.name" . }}-operator
    {{- include "kube-prometheus-stack.labels" . | nindent 4 }}
spec:
  endpointSelector:
    matchLabels:
      app: {{ template "kube-prometheus-stack.name" . }}-operator
      {{- include "kube-prometheus-stack.labels" $ | nindent 6 }}
  egress:
  {{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
    {{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
  {{- else }}
  - toEntities:
    - kube-apiserver
  {{- end }}
  ingress:
  - toPorts:
    - ports:
      {{- if .Values.prometheusOperator.tls.enabled }}
      - port: {{ .Values.prometheusOperator.tls.internalPort | quote }}
      {{- else }}
      - port: "8080"
      {{- end }}
        protocol: "TCP"
      rules:
        http:
        - method: "GET"
          path: "/metrics"
{{- end }}