apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: apod-web
  labels:
    kubernetes.courselabs.co: networkpolicy
spec:
  podSelector:
    matchLabels:
      app: apod-web

  ingress:
  - {} # allow all

  egress:
  - to:
    - podSelector:
        matchLabels:
          app: apod-api
    - podSelector:
        matchLabels:
          app: apod-log
    ports:
    - port: api 
  
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: TCP
      port: 53
    - protocol: UDP
      port: 53