Defining networkPolicy rules between the pods of a StatefulSet

Hi,
I have set up a Hashicorp Vault cluster and would like to tighten security. To do that, I implemented the following default rule in the “vault” namespace. We use Calico for this.

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: default-deny
  namespace: vault
spec:
  # Empty matchLabels selects every pod in the namespace
  podSelector:
    matchLabels: {}
  # Listing both types with no ingress/egress rules denies all traffic
  policyTypes:
    - Ingress
    - Egress
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: egress-kubedns
  namespace: vault
spec:
  podSelector:
    matchLabels: {}
  policyTypes:
    - Egress
  egress:
    # Allow DNS lookups against kube-dns in kube-system only
    - to:
      - namespaceSelector:
          matchLabels:
            name: kube-system
        podSelector:
          matchLabels:
            k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53

How can I now create rules that will make sure all vault pods can talk to each other over TCP on ports 8200-8201?

It might be trivial but I can’t figure it out. How do you open connections between nodes of a StatefulSet or any other controller?

Any advice would be welcome.

Thanks!

Cluster information:

Kubernetes version: v1.18.2
Cloud being used: bare-metal
Installation method: kubeadm
Host OS: Fedora CoreOS
CNI and version: 0.8.5
CRI and version: 1.18.0

For whoever it may help later…

Embarrassingly enough, a kubectl describe gave me the answer.

$ kubectl describe pod/vault-0
Name:         vault-0
Namespace:    vault
Priority:     0
Node:         XXXXX
Start Time:   Fri, 12 Jun 2020 11:40:14 +0200
Labels:       app=vault
              controller-revision-hash=vault-0123456789
              statefulset.kubernetes.io/pod-name=vault-0
[...]
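A policy built on the app=vault label shown in that output, added here as an example rather than taken from the original post; the policy name is my own, and both ports are listed individually because the endPort range field is not available in Kubernetes v1.18.

```yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-vault-peers   # assumed name, not from the original post
  namespace: vault
spec:
  # Applies to the StatefulSet's pods, selected by the label seen in kubectl describe
  podSelector:
    matchLabels:
      app: vault
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # A bare podSelector under "from" matches pods in the policy's own namespace
    - from:
        - podSelector:
            matchLabels:
              app: vault
      # Kubernetes v1.18 has no endPort field, so list each port of the range
      ports:
        - protocol: TCP
          port: 8200
        - protocol: TCP
          port: 8201
  egress:
    # Mirror the rule on egress, since default-deny also blocks outbound traffic
    - to:
        - podSelector:
            matchLabels:
              app: vault
      ports:
        - protocol: TCP
          port: 8200
        - protocol: TCP
          port: 8201
```

With the default-deny still in place, clients outside the StatefulSet that need to reach Vault on 8200 will require a separate ingress rule of their own. `kubectl describe networkpolicy -n vault allow-vault-peers` shows the selectors as the API server stored them, which is a quick way to spot a label mismatch.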