{{- include "nplus.init" $ -}}
{{- if ((.this.security).cni).createNetworkPolicy }}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ .component.fullName }}
  {{- if .this.utils.includeNamespace }}
  namespace: {{ .Release.Namespace }}
  {{- end }}
  labels:
    {{- include "nplus.instanceLabels" . | nindent 4 }}
  annotations:
    {{- include "nplus.argoWave" . | nindent 4 }}
    {{- include "nplus.annotations" . | nindent 4 }}
    {{- include "nplus.securityAnnotations" . | nindent 4 }}
spec:
  podSelector:
    matchLabels:
    {{- include "nplus.selectorLabels" . | nindent 6 }}

  policyTypes:
  - Egress

  egress:
  - ports:
    # -- Allow https access for downloading
    - protocol: TCP
      port: 443
    # -- Allow http access for downloading
    - protocol: TCP
      port: 80
    # -- Allow access to DNS
    - protocol: TCP
      port: 53
    # -- Allow access to DNS
    - protocol: UDP
      port: 53
{{- end }}