kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-from-pg-operator-to-pg
spec:
  podSelector:
    matchLabels:
      application: spilo
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: postgres-operator
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-to-web-pods
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: app
  ingress:
  - {}
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-to-app-pods
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: web
  ingress:
  - {}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-to-acme-pods
spec:
  ingress:
    - {}
  podSelector:
    matchLabels:
      acme.cert-manager.io/http01-solver: "true"
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-from-same-namespace
spec:
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: ${NS}
  policyTypes:
  - Ingress
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: default-deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress