{{- with .Values.networkPolicy }}
{{- if .enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ include "ocrserver.fullname" $ }}
  labels:
    {{- include "ocrserver.labels" $ | nindent 4 }}
spec:
  podSelector:
    matchLabels:
      {{- include "ocrserver.selectorLabels" $ | nindent 6 }}
      app.kubernetes.io/component: server
  policyTypes:
    - Ingress
    {{- if .egress.enabled }}
    - Egress
    {{- end }}
  ingress:
    {{- with .ingress.http }}
    - ports:
        - port: 8080
          protocol: TCP
      from:
        {{- toYaml . | nindent 8 }}
    {{- end }}{{/* end-with .ingress.http */}}

  {{- with .egress }}
  {{- if .enabled }}
  egress:
    {{- with .extra }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- end }}{{/* end-if egress.enabled */}}
  {{- end }}{{/* end-with .egress */}}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ include "ocrserver.fullname" $ }}-languagedownloader
  labels:
    {{- include "ocrserver.labels" $ | nindent 4 }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-weight": "5"
    "helm.sh/hook-delete-policy": hook-failed
spec:
  podSelector:
    matchLabels:
      {{- include "ocrserver.selectorLabels" $ | nindent 6 }}
      app.kubernetes.io/component: languages-downloader
  policyTypes:
    - Ingress
    {{- if .egress.enabled }}
    - Egress
    {{- end }}

  {{- with .egress }}
  {{- if .enabled }}
  egress:
    {{- with .dns }}
    - ports:
        - port: 53
          protocol: UDP
      to:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .http }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .extra }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- end }}{{/* end-if egress.enabled */}}
  {{- end }}{{/* end-with .egress */}}
{{- end }}
{{- end }}