---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: rustdesk-network-policy
spec:
  podSelector:
    matchLabels:
      app: rustdesk-hbbs
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Разрешаем все входящие подключения на RustDesk порты
  - from: []
    ports:
    - protocol: TCP
      port: 21115
    - protocol: TCP
      port: 21116
    - protocol: UDP
      port: 21116
    - protocol: TCP
      port: 21118
  # Разрешаем Traefik ingress для веб-интерфейса
  - from:
    - namespaceSelector:
        matchLabels:
          name: kube-system
    ports:
    - protocol: TCP
      port: 21118
  egress:
  # Разрешаем DNS
  - to: []
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # Разрешаем связь между HBBS и HBBR
  - to:
    - podSelector:
        matchLabels:
          app: rustdesk-hbbr
    ports:
    - protocol: TCP
      port: 21117

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: rustdesk-hbbr-network-policy
spec:
  podSelector:
    matchLabels:
      app: rustdesk-hbbr
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Разрешаем все входящие подключения на relay порт
  - from: []
    ports:
    - protocol: TCP
      port: 21117
  # Разрешаем подключения от HBBS
  - from:
    - podSelector:
        matchLabels:
          app: rustdesk-hbbs
    ports:
    - protocol: TCP
      port: 21117
  egress:
  # Разрешаем DNS
  - to: []
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53