apiVersion: v1
kind: Namespace
metadata:
  name: restricted
 
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mynp
  namespace: restricted
spec:
  podSelector:
    matchLabels:
      target: "yes"
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: default
      podSelector:
        matchLabels:
          access: "yes"
    ports:
    - protocol: TCP
      port: 80
  egress:
  - {}
 
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: restricted
  labels:
    target: "yes"
spec:
  containers:
    - name: nginx
      image: nginx
      ports:
        - containerPort: 80
 
---
apiVersion: v1
kind: Pod
metadata:
  name: sleepybox1
  namespace: default
  labels:
    access: "yes"
spec:
  containers:
    - name: busybox
      image: busybox
      args:
        - sleep
        - "3600"
 
---
apiVersion: v1
kind: Pod
metadata:
  name: sleepybox2
  namespace: default
  labels:
    access: "noway"
spec:
  containers:
    - name: busybox
      image: busybox
      args:
        - sleep
        - "3600"