apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {? {.Values.name: ''} : ''}
  namespace: {? {.Values.namespace | default .Values.name: ''} : ''}
  labels:
    service: {? {.Values.name: ''} : ''}
spec:
  podSelector:
    matchLabels:
      service: {? {.Values.name: ''} : ''}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: ingress-nginx
      ports:
        - protocol: TCP
          port: {? {.Values.port: ''} : ''}
  egress: {}
  # TODO, optionally add egress restriction.
  # - to:
  #     - namespaceSelector: {}
  #       podSelector: {}
  #   ports:
  #     - protocol: TCP
  #       port: 53
  #     - protocol: UDP
  #       port: 53