We are using Kubernetes on-premises and we are new to using network policies (Calico) in Kubernetes. I have set up an nginx ingress controller (NodePort) for accessing services from outside the cluster. However, our DB, which the applications use, is hosted outside and can be accessed only by whitelisted IPs through DBProxy. I know that we can set up egress rules from a namespace using a Calico policy. However, I would like to know how the network policy YAML should be so that I can whitelist only the node IPs of my Kubernetes cluster on DBProxy.
Any ideas or corrections in methodology are appreciated.