rules appear to be working.

cmd/policygen/main.go

@@ -76,5 +76,8 @@ func main() {
 		},
 	}
 
-	cmd.Execute()
+	err = cmd.Execute()
+	if err != nil {
+		os.Exit(1)
+	}
 }

cmd/policygen/templates/netpol/namespace/jaeger.yaml

@@ -0,0 +1,17 @@
+{{- if not .Open }}
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: allow-jaeger # required for OCSP
+  namespace: {{ .Name }}
+spec:
+  podSelector: {}
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: observability
+  {{- end }}

cmd/policygen/templates/netpol/namespace/linkerd.yaml

@@ -24,7 +24,6 @@ spec:
         - namespaceSelector:
             matchLabels:
               kubernetes.io/metadata.name: monitoring
-          # podSelector prometheus
   egress:
     - to:
         - namespaceSelector:

cmd/policygen/templates/netpol/namespace/monitored.yaml

@@ -1,5 +1,6 @@
 {{- if not .Open }}
-
+---
+kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:
   name: allow-monitoring

cmd/policygen/templates/netpol/namespace/namespace.yaml

@@ -1,6 +1,6 @@
 
-{{- if not .Open }}
 ---
+{{- if not .Open }}
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:

cmd/policygen/templates/netpol/pod/pod.yaml

@@ -24,6 +24,7 @@
 {{- end }}
 {{- define "networks" }}
       {{- range .Networks }}
+  {{- if .Network.CIDR }}
   - {{.Rule}}:
       # {{ .Network.Name }}
       - ipBlock:
@@ -32,8 +33,13 @@
           {{- range $except := .Network.Except }}
           - {{ $except }}
   {{- end }}
+  {{- end }}
   {{- if .Ports }}
+  {{- if .Network.CIDR }}
     ports:
+  {{- else }}
+  - ports:
+  {{- end }}
   {{- template "ports" .Ports }}
   {{- end }}
 {{- end }}