{{- if .Values.container.enabled -}}
{{- if .Values.container.networkPolicy.enabled -}}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ include "falcon-sensor.fullname" . }}-default-deny-ingress
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ include "falcon-sensor.name" . }}
    app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/component: "container_sensor"
    crowdstrike.com/provider: crowdstrike
    helm.sh/chart: {{ include "falcon-sensor.chart" . }}
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ include "falcon-sensor.fullname" . }}-network-policy
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ include "falcon-sensor.name" . }}
    app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/component: "container_sensor"
    crowdstrike.com/provider: crowdstrike
    helm.sh/chart: {{ include "falcon-sensor.chart" . }}
spec:
  ingress:
  - from:
    - podSelector:
        matchLabels:
          component: apiserver
          provider: kubernetes
  podSelector: {}
  policyTypes:
  - Ingress
{{- end -}}
{{- end -}}