apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ include "loki-stack.fullname" . }}-allow-internal
  labels:
    {{- include "loki-stack.labels" . | nindent 4 }}
spec:
  podSelector:
    matchLabels:
      {{- include "loki-stack.selectorLabels" . | nindent 6 }}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Allow all traffic within the namespace
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: {{ .Release.Namespace }}
  egress:
    # Allow all traffic within the namespace
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: {{ .Release.Namespace }}
    # Allow DNS
    - to:
        - namespaceSelector: {}
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53