{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name:  {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
  namespace: {{ template "kube-prometheus-stack.namespace" . }}
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
    ## Ensure this is run before the job
    "helm.sh/hook-weight": "-5"
{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}   
  labels:
    app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
spec:
  podSelector:
    matchLabels:
      app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
{{- include "kube-prometheus-stack.labels" $ | indent 6 }}
  egress:
  - {}
  policyTypes:
  - Egress
{{- end }}
{{- end }}