example: add longhorn webhook server network policy yaml manifest

The traffic from/to the longhorn webhook server is the kube-apiserver.
The only way we could add restriction is to add the network policy of
the ingress port because we can't know each Kubernetes distro default
kube-apiserver Pod's label. Therefore, we can't add the label selector
in the network policy rule to restrict the traffic that comes from the
kube-apiserver is able to access to the longhorn webhook server.

Longhorn 3513

Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
(cherry picked from commit 769e85bc80b6351a081a79ddf83ab181cf956e23)

examples/network-policy/webhook-network-policy.yaml

@@ -0,0 +1,15 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: longhorn-webhook
+  namespace: longhorn-system
+spec:
+  podSelector:
+    matchLabels:
+      app: longhorn-webhook
+  policyTypes:
+  - Ingress
+  ingress:
+  - ports:
+    - protocol: TCP
+      port: 9443