manifests/policy/allow-common-egress.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
    name: allow-common-egress
    namespace: argocd
spec:
    podSelector: {}
    policyTypes: ["Egress"]
    egress:
        # Allow DNS to kube-dns/CoreDNS in kube-system
        - to:
              - namespaceSelector:
                    matchLabels:
                        kubernetes.io/metadata.name: kube-system
          ports:
              - { protocol: UDP, port: 53 }
              - { protocol: TCP, port: 53 }

        # Allow PostgreSQL to services/pods in namespace ai on 5432
        - to:
              - namespaceSelector:
                    matchLabels:
                        kubernetes.io/metadata.name: ai
          ports:
              - { protocol: TCP, port: 5432 }
why 2025-09-13 21:15:35 -04:00			`apiVersion: networking.k8s.io/v1`
			`kind: NetworkPolicy`
			`metadata:`
			`name: allow-common-egress`
A 2025-09-13 22:31:18 -04:00			`namespace: argocd`
why 2025-09-13 21:15:35 -04:00			`spec:`
			`podSelector: {}`
			`policyTypes: ["Egress"]`
			`egress:`
			`# Allow DNS to kube-dns/CoreDNS in kube-system`
			`- to:`
			`- namespaceSelector:`
			`matchLabels:`
			`kubernetes.io/metadata.name: kube-system`
			`ports:`
			`- { protocol: UDP, port: 53 }`
			`- { protocol: TCP, port: 53 }`

			`# Allow PostgreSQL to services/pods in namespace ai on 5432`
			`- to:`
			`- namespaceSelector:`
			`matchLabels:`
			`kubernetes.io/metadata.name: ai`
			`ports:`
			`- { protocol: TCP, port: 5432 }`