---
# Default deny all ingress in the archmirror namespace
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: archmirror
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Allow Traefik ingress controller to reach nginx
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-controller
  namespace: archmirror
spec:
  podSelector:
    matchLabels:
      app: archmirror
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: traefik