apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ .Values.name }}
  namespace: {{ .Values.namespace | default .Values.name }}
  labels:
    service: {{ .Values.name }}
spec:
  podSelector:
    matchLabels:
      service: {{ .Values.name }}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: kube-system
      ports:
        - protocol: TCP
          port: {{ .Values.port }}
  egress: 
    - {}
    # TODO, optionally add egress restriction.
    # - to:
    #     - namespaceSelector: {}
    #       podSelector: {}
    #   ports:
    #     - protocol: TCP
    #       port: 53
    #     - protocol: UDP
    #       port: 53