# This network policy allows ingress from the CNP operator
# installed in namespace postgresql-operator-system into the pods corresponding
# to a cluster named cluster-example
# NOTE: in OpenShift the default namespace for the operator is openshift-operators
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-operator
spec:
  podSelector:
    matchLabels:
      cnpg.io/cluster: cluster-example # The label value must be the cluster name
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: postgresql-operator-system # Or on OpenShift: openshift-operators
          podSelector:
            matchLabels:
              app.kubernetes.io/name: cloud-native-postgresql # Matches the Operator pod
      ports:
        - port: 8000
        - port: 5432