{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }}
metadata:
  name: "{{ template "postgresql.fullname" . }}"
  labels:
    app: {{ template "postgresql.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
spec:
  podSelector:
    matchLabels:
      app: "{{ template "postgresql.fullname" . }}"
  ingress:
    # Allow inbound connections
    - ports:
      - port: 5432
    {{- if not .Values.networkPolicy.allowExternal }}
      from:
      - podSelector:
          matchLabels:
            {{ template "postgresql.fullname" . }}-client: "true"
    {{- end }}
    # Allow prometheus scrapes
    - ports:
      - port: 9187
{{- end }}