apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ .Values.name }}
  namespace: {{ .Values.namespace | default .Values.name }}
  labels:
    service: {{ .Values.name }}
spec:
  podSelector:
    matchLabels:
      service: {{ .Values.name }}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: kube-system
      # ports:
      #   - protocol: TCP
      #     port: {{ .Values.port }}
  # egress: 
    # TODO, optionally add egress restriction.
    # - to:
    #     - namespaceSelector: {}
    #       podSelector: {}
    #   ports:
    #     - protocol: TCP
    #       port: 53
    #     - protocol: UDP
    #       port: 53
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-network-dns-policy
  namespace: {{ .Values.namespace | default .Values.name }}
spec:
  ingress:
  - ports:
    - port: 53
      protocol: TCP
    - port: 53
      protocol: UDP
  podSelector:
    matchLabels:
      k8s-app: kube-dns
  policyTypes:
    - Ingress