git.limbosolutions.com/deploy/infra/network-policy-egress.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: git-limbosolutions-com-egress
  namespace: git-limbosolutions-com
spec:
  podSelector: {}   # apply to all pods in the namespace
  policyTypes:
    - Egress
  egress:
      # Allow DNS to kube-system
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53

    # allow namespace communication
    - to: 
        - namespaceSelector: 
            matchLabels: 
              kubernetes.io/metadata.name: git-limbosolutions-com
          podSelector: {}

    # allow backup server
    - to:
        - ipBlock:
            cidr: 192.168.0.251/32
    
    # Allow all egress EXCEPT private networks
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0 # first allow everything
            except: # remove local network (so it means blocking, cidr is allowing everything )
              - 10.0.0.0/8
              - 172.16.0.0/12
              - 192.168.0.0/16
              - 169.254.0.0/16
              - 127.0.0.0/8
              - 224.0.0.0/4
              - 240.0.0.0/4