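# Allow-all NetworkPolicies (and their Namespaces) for system namespaces.
#
# Every NetworkPolicy in this template has the same shape: the empty
# podSelector selects all pods in the namespace, and the single empty
# ingress and egress rules match every peer and port, so traffic is
# unrestricted in both directions.
# NOTE(review): presumably these exempt system components from a
# cluster-wide default-deny or restrictive policy mode - confirm against
# the code that renders this template.
#
# Security: NetworkPolicies are additive (a pod's allowed traffic is the
# union of all policies selecting it). While one of these policies exists,
# adding a narrower NetworkPolicy to the same namespace does not restrict
# anything. As far as NetworkPolicy in these namespaces is concerned, their
# pods accept traffic from any source and may connect to any destination;
# isolation, if wanted, has to be enforced elsewhere or by replacing the
# policy.

# Rendered unconditionally, for management and workload clusters alike.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-kube-system
  namespace: kube-system
spec:
  podSelector: {}
  ingress:
    - {}
  egress:
    - {}
  policyTypes:
    - Ingress
    - Egress
# Everything below is rendered only when .managementCluster is set.
{{- if .managementCluster }}
---
apiVersion: v1
kind: Namespace
metadata:
  name: eksa-system
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-eksa-system
  namespace: eksa-system
spec:
  podSelector: {}
  ingress:
    - {}
  egress:
    - {}
  policyTypes:
    - Ingress
    - Egress
---
# GitOps namespace: only when .gitopsEnabled is set. The namespace comes from
# .fluxNamespace; the policy name stays allow-all-flux-system regardless.
# Templated scalars are quoted so an all-digit or boolean-looking value is
# still parsed as a string.
{{- if .gitopsEnabled }}
apiVersion: v1
kind: Namespace
metadata:
  name: "{{ .fluxNamespace }}"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-flux-system
  namespace: "{{ .fluxNamespace }}"
spec:
  podSelector: {}
  ingress:
    - {}
  egress:
    - {}
  policyTypes:
    - Ingress
    - Egress
---
{{- end }}
apiVersion: v1
kind: Namespace
metadata:
  name: capi-system
---
apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager
---
apiVersion: v1
kind: Namespace
metadata:
  name: capi-kubeadm-bootstrap-system
---
apiVersion: v1
kind: Namespace
metadata:
  name: capi-kubeadm-control-plane-system
---
apiVersion: v1
kind: Namespace
metadata:
  name: etcdadm-bootstrap-provider-system
---
apiVersion: v1
kind: Namespace
metadata:
  name: etcdadm-controller-system
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-capi-system
  namespace: capi-system
spec:
  podSelector: {}
  ingress:
    - {}
  egress:
    - {}
  policyTypes:
    - Ingress
    - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-cert-manager
  namespace: cert-manager
spec:
  podSelector: {}
  ingress:
    - {}
  egress:
    - {}
  policyTypes:
    - Ingress
    - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-capi-kubeadm-bootstrap-system
  namespace: capi-kubeadm-bootstrap-system
spec:
  podSelector: {}
  ingress:
    - {}
  egress:
    - {}
  policyTypes:
    - Ingress
    - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-capi-kubeadm-control-plane-system
  namespace: capi-kubeadm-control-plane-system
spec:
  podSelector: {}
  ingress:
    - {}
  egress:
    - {}
  policyTypes:
    - Ingress
    - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-etcdadm-bootstrap-provider-system
  namespace: etcdadm-bootstrap-provider-system
spec:
  podSelector: {}
  ingress:
    - {}
  egress:
    - {}
  policyTypes:
    - Ingress
    - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-etcdadm-controller-system
  namespace: etcdadm-controller-system
spec:
  podSelector: {}
  ingress:
    - {}
  egress:
    - {}
  policyTypes:
    - Ingress
    - Egress
---
# One Namespace plus allow-all policy per entry in .providerNamespaces.
# Each iteration ends with a document separator, so the rendered output
# finishes with an empty trailing document.
{{- range $providerNamespace := .providerNamespaces }}
apiVersion: v1
kind: Namespace
metadata:
  name: "{{ $providerNamespace }}"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: "allow-all-{{ $providerNamespace }}"
  namespace: "{{ $providerNamespace }}"
spec:
  podSelector: {}
  ingress:
    - {}
  egress:
    - {}
  policyTypes:
    - Ingress
    - Egress
---
{{- end }}
{{- end }}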