---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: gitea-sonarqube-bot-in
  namespace: avroid-prod
  labels:
    app.kubernetes.io/managed-by: manually
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: gitea-sonarqube-bot
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
    - ports:
        - port: 3000
          protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: gitea-sonarqube-bot-out
  namespace: avroid-prod
  labels:
    app.kubernetes.io/managed-by: manually
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: gitea-sonarqube-bot
  policyTypes:
    - Egress
  ingress: []
  egress:
    - to:
        - ipBlock:
            # office-balancer.avroid.tech
            cidr: 10.2.16.2/32
      ports:
        - port: 443
          protocol: TCP