{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
  name: {{ template "kube-prometheus-stack.operator.fullname" . }}
  namespace: {{ template "kube-prometheus-stack.namespace" . }}
  labels:
    {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
spec:
  egress:
    - {}
  ingress:
    - ports:
      {{- if .Values.prometheusOperator.tls.enabled }}
      - port: {{ .Values.prometheusOperator.tls.internalPort }}
      {{- else }}
      - port: 8080
      {{- end }}
  policyTypes:
    - Egress
    - Ingress
  podSelector:
    matchLabels:
      app: {{ template "kube-prometheus-stack.name" . }}-operator
      release: {{ $.Release.Name | quote }}
      {{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
      {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
      {{- end }}
{{- end }}