apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: irc
  namespace: irc
spec:
  podSelector:
    matchExpressions:
      - key: app.kubernetes.io/name
        operator: In
        values:
          - znc
          - thelounge

  policyTypes:
    - Ingress
    - Egress

  ingress:
    # Allow traffic only from pods in the same namespace
    - from:
        - podSelector: {}

  egress:
    # Allow traffic to pods in the same namespace
    - to:
        - podSelector: {}

    # Allow traffic to public internet (RFC1918 explicitly blocked)
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 10.0.0.0/8
              - 172.16.0.0/12
              - 192.168.0.0/16