{{- if .Values.networkPolicies.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-virtual-services
  namespace: "{{ .Release.Namespace }}"
spec:
  # Since we don't know what apps may have VS and what ports they are on, allow to all namespaces, any ports
  egress:
    - to:
      - namespaceSelector: {}
  podSelector:
    matchLabels:
      istio: ingressgateway
  policyTypes:
    - Egress
{{- end }}