{{- if .Values.networkPolicy.enabled }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: mcp-telemetry-bridge-deny-all spec: podSelector: matchLabels: app: mcp-telemetry-bridge policyTypes: ["Ingress","Egress"] ingress: - {} # allow same-namespace by default; tighten as needed egress: - to: - namespaceSelector: {} ports: - protocol: TCP port: 9090 # Prometheus - protocol: TCP port: 3100 # Loki {{- end }}