---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: rustdesk-network-policy
spec:
  podSelector:
    matchLabels:
      app: rustdesk-hbbs
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Allow all incoming connections to RustDesk ports
  - from: []
    ports:
    - protocol: TCP
      port: 21115
    - protocol: TCP
      port: 21116
    - protocol: UDP
      port: 21116
  egress:
  # Allow DNS
  - to: []
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # Allow communication between HBBS and HBBR
  - to:
    - podSelector:
        matchLabels:
          app: rustdesk-hbbr
    ports:
    - protocol: TCP
      port: 21117

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: rustdesk-hbbr-network-policy
spec:
  podSelector:
    matchLabels:
      app: rustdesk-hbbr
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Allow all incoming connections to relay port
  - from: []
    ports:
    - protocol: TCP
      port: 21117
  # Allow connections from HBBS
  - from:
    - podSelector:
        matchLabels:
          app: rustdesk-hbbs
    ports:
    - protocol: TCP
      port: 21117
  egress:
  # Allow DNS
  - to: []
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53