Hi Guys, some help if is possibile, I have below manifest

{{- if .Capabilities.APIVersions.Has "<http://cilium.io/v2|cilium.io/v2>" }}

apiVersion: <http://cilium.io/v2|cilium.io/v2>

kind: CiliumNetworkPolicy

metadata:

name: allow-egress-from-cattle-cluster-agent-to-whitelisted-urls

namespace: cattle-system

spec:

endpointSelector:

matchLabels:

app: cattle-cluster-agent

ingress:

- fromEntities:

- cluster

egress:

- toFQDNs:

- matchPattern: "*.<http://k3s.tvsunknown.com|k3s.tvsunknown.com>"

- matchName: "<http://prod-eu-west-1-starport-layer-bucket.s3.eu-west-1.amazonaws.com|prod-eu-west-1-starport-layer-bucket.s3.eu-west-1.amazonaws.com>"

- toCIDR:

- 172.0.0.0/8

- 10.0.0.0/8

- 104.22.58.129/32

- 104.22.59.129/32

- toEntities:

- cluster

- toEndpoints:

- matchLabels:

k8s-app: cattle-cluster-agent

{{- end }}

it is installed with fleet properly all looks good but getting report that it is modified (Rancher version is 2.85 and Downstream Cluster is v1.26.15 +k3s1)