apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
    name: allow-common-egress
    namespace: argocd
spec:
    podSelector: {}
    policyTypes: ["Egress"]
    egress:
        # Allow DNS to kube-dns/CoreDNS in kube-system
        - to:
              - namespaceSelector:
                    matchLabels:
                        kubernetes.io/metadata.name: kube-system
          ports:
              - { protocol: UDP, port: 53 }
              - { protocol: TCP, port: 53 }

        # Allow PostgreSQL to services/pods in namespace ai on 5432
        - to:
              - namespaceSelector:
                    matchLabels:
                        kubernetes.io/metadata.name: ai
          ports:
              - { protocol: TCP, port: 5432 }