---
# Ingress policy for the Trivy pods in avroid-prod.
# NetworkPolicy rules are additive: a connection is admitted when ANY rule of
# ANY policy that selects the pod matches it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: trivy-in
  namespace: avroid-prod
  labels:
    app.kubernetes.io/managed-by: argocd
spec:
  # Applies only to pods labelled app.kubernetes.io/name=trivy.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: trivy
  policyTypes:
    - Ingress
  ingress:
    # Rule 1: no `ports` key, so every port is reachable from pods in the
    # ingress-nginx namespace (matched by the namespace-name label that
    # current Kubernetes versions set automatically).
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
    # Rule 2: a separate list item, not a port filter on rule 1. With no
    # `from` key it admits TCP 4954 from any source.
    # NOTE(review): if the intent was "ingress-nginx, port 4954 only", `ports`
    # belongs inside the same item as `from` - confirm. As written, this rule
    # repeats what the trivy-in-4954 policy in this file already grants.
    - ports:
        - port: 4954
          protocol: TCP
# Reference (trivy-operator troubleshooting, namespaces with default-deny
# egress/ingress network policies):
# https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies
---
# Opens TCP 4954 on the Trivy pods. The single rule has `ports` but no `from`,
# so the source is unrestricted.
# NOTE(review): if the only expected clients are known pods or namespaces,
# a `from` selector would narrow this - verify against the reference above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: trivy-in-4954
  namespace: avroid-prod
  labels:
    app.kubernetes.io/managed-by: argocd
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: trivy
  policyTypes:
    - Ingress
  ingress:
    - ports:
        - port: 4954
          protocol: TCP
---
# Egress policy. Despite the name, the empty podSelector below selects EVERY
# pod in avroid-prod, not only Trivy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: trivy-out
  namespace: avroid-prod
  labels:
    app.kubernetes.io/managed-by: argocd
spec:
  # `{}` matches all pods in the namespace.
  # NOTE(review): confirm namespace-wide scope is intended. This policy
  # grants 80/443 egress to every workload here and places all of them under
  # egress isolation.
  podSelector: {}
  policyTypes:
    - Egress
  # No effect: policyTypes lists only Egress, so this policy does not govern
  # ingress and the empty list does not deny anything.
  ingress: []
  egress:
    # One rule with no `to` key: any destination, TCP 443 and TCP 80 only.
    # NOTE(review): DNS (port 53) is not listed, so selected pods depend on
    # another policy for name resolution - verify one exists.
    # NOTE(review): port 80 is plaintext HTTP - confirm it is still required.
    - ports:
        - port: 443
          protocol: TCP
        - port: 80
          protocol: TCP