From 508d0b25de541c92acd266530e38ee78f773b688 Mon Sep 17 00:00:00 2001
From: Chris Werner Rau <cwr@teuto.net>
Date: Tue, 11 Mar 2025 10:19:09 +0100
Subject: [PATCH] feat(base-cluster): use new networkPolicy template

---
 charts/base-cluster/templates/_helpers.tpl           | 12 ------------
 .../templates/cert-manager/ciliumNetworkPolicy.yaml  |  9 +--------
 2 files changed, 1 insertion(+), 20 deletions(-)

diff --git a/charts/base-cluster/templates/_helpers.tpl b/charts/base-cluster/templates/_helpers.tpl
index a2cfcb221e..706451403a 100644
--- a/charts/base-cluster/templates/_helpers.tpl
+++ b/charts/base-cluster/templates/_helpers.tpl
@@ -1,15 +1,3 @@
-{{- define "common.networkPolicy.type" -}}
-  {{- if eq .Values.global.networkPolicy.type "auto" -}}
-    {{- if .Capabilities.APIVersions.Has "cilium.io/v2/CiliumNetworkPolicy" -}}
-      cilium
-    {{- else -}}
-      none
-    {{- end -}}
-  {{- else -}}
-    {{- .Values.global.networkPolicy.type -}}
-  {{- end -}}
-{{- end -}}
-
 {{- define "common.dict.filterEmptyValues" -}}
   {{- $out := dict -}}
   {{- range $key, $value := . -}}
diff --git a/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml b/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml
index 4f5ad694a9..7681e67073 100644
--- a/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml
+++ b/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml
@@ -49,14 +49,7 @@ spec:
     matchLabels:
       app.kubernetes.io/name: webhook
       app.kubernetes.io/instance: cert-manager
-  ingress:
-    - fromEntities:
-        - kube-apiserver
-        - remote-node
-      toPorts:
-        - ports:
-            - port: "10250"
-              protocol: TCP
+  ingress: {{- include "common.networkPolicy.rule.from.kube-apiserver" (dict "ports" (dict "10250" "TCP") "cilium" true) | nindent 4 }}
     - fromEntities:
         - health
       toPorts: