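---
{{- /*
  NetworkPolicy for a single application (.app).

  Ingress rules are rendered from .ingress.Applications (pod + namespace
  peers, optionally restricted to a list of ports) and .ingress.Networks
  (ipBlock peers). The template uses `toYaml` and `nindent`, so both must be
  present in the function map of whatever renders it.
*/}}

{{- /*
  "peer" renders one NetworkPolicyPeer list item for an application.
  podSelector and namespaceSelector are kept in the SAME list item, so a
  source must match both (the labelled pods in that one namespace). Written
  as two separate items they would be OR'ed, which would admit every pod in
  the namespace.
  NOTE(review): if .MatchLabels can be empty, the podSelector presumably
  renders as `{}` and matches all pods in the namespace; confirm callers
  never pass an empty label set.
*/}}
{{- define "peer" }}
        - podSelector:
            matchLabels: {{- .MatchLabels | toYaml | nindent 14 }}
          namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: "{{ .Namespace }}"
{{- end }}

{{- /*
  "ports" renders the rule-level `ports:` list (a sibling of `from:`), because
  a NetworkPolicyPeer has no ports field of its own. An empty or missing list
  renders nothing, which leaves the rule open on every port.
  A port entry without `protocol` is treated as TCP by the NetworkPolicy API,
  so UDP/SCTP traffic is not covered until the TODO below is done.
*/}}
{{- define "ports" }}
{{- if . }}
      ports:  # TODO: add protocol
        {{- range $port := . }}
        - port: {{ $port }}
        {{- end }}
{{- end }}
{{- end }}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: "{{ .app.Name }}"
  namespace: "{{ .app.Namespace }}"
  labels: {{- .labels | toYaml | nindent 4 }}
spec:
  {{- /*
    The label map has to sit under `matchLabels`; placed directly under
    podSelector the labels are unknown LabelSelector fields, and a policy
    whose selector ends up empty applies to every pod in the namespace.
  */}}
  podSelector:
    matchLabels: {{- .app.MatchLabels | toYaml | nindent 6 }}
  policyTypes:
    {{- if or .ingress.Applications .ingress.Networks }}
    - Ingress
    {{- end }}
    {{- /*
      NOTE(review): Egress is declared here, but no `egress:` rules are
      rendered in this part of the template. Declaring the type without
      rules isolates the selected pods from all outbound traffic (DNS
      included). Confirm that is intended, or that the egress rules are
      rendered elsewhere.
    */}}
    {{- if or .egress.Applications .egress.Networks }}
    - Egress
    {{- end }}
  {{- if or .ingress.Applications .ingress.Networks }}
  ingress:
    {{- /* One rule per application so each keeps its own port restriction. */}}
    {{- range $ingress := .ingress.Applications }}
    - from:
        {{- template "peer" $ingress }}
      {{- template "ports" $ingress.Ports }}
    {{- end }}
    {{- /* Network peers carry no ports, so these rules allow every port. */}}
    {{- range $ingress := .ingress.Networks }}
    - from:
        - ipBlock:
            cidr: "{{ $ingress.CIDR }}"
            {{- if $ingress.Except }}
            except:
              {{- range $except := $ingress.Except }}
              - "{{ $except }}"
              {{- end }}
            {{- end }}
    {{- end }}
  {{- end }}
{{- /*
  NOTE(review): the literal line below is emitted into the rendered manifest
  and is not valid YAML at this position. It looks like a leftover marker;
  remove it unless something outside this file depends on it.
*/}}
THEEND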