apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: agentmon
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web-ui-to-query-api
  namespace: agentmon
spec:
  podSelector:
    matchLabels:
      app: query-api
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: web-ui
      ports:
        - protocol: TCP
          port: 8081
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-query-api-to-postgres
  namespace: agentmon
spec:
  podSelector:
    matchLabels:
      app: postgres
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: query-api
        - podSelector:
            matchLabels:
              app: event-processor
      ports:
        - protocol: TCP
          port: 5432
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingest-to-nats
  namespace: agentmon
spec:
  podSelector:
    matchLabels:
      app: nats
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: ingest-gateway
        - podSelector:
            matchLabels:
              app: event-processor
      ports:
        - protocol: TCP
          port: 4222