apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-to-apiserver
  namespace: wordpress
spec:
  podSelector:
    matchLabels:
      cnpg.io/cluster: wordpress-db # Targets all components of the wordpress-db cluster
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 10.96.0.1/32 # Kubernetes API Server IP
    ports:
    - protocol: TCP
      port: 443