tele-mcp/helm/mcp-telemetry-bridge/templates/networkpolicy.yaml

{{- if .Values.networkPolicy.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mcp-telemetry-bridge-deny-all
spec:
  podSelector:
    matchLabels:
      app: mcp-telemetry-bridge
  policyTypes: ["Ingress","Egress"]
  ingress:
  - {}  # allow same-namespace by default; tighten as needed
  egress:
  - to:
    - namespaceSelector: {}
    ports:
    - protocol: TCP
      port: 9090  # Prometheus
    - protocol: TCP
      port: 3100  # Loki
{{- end }}