example for - allow egress only to public addresses

[floge07]

proposal to add an example for "allow egress only to public addresses".

In our use case, where we execute some user-configured rest calls, the service running those should not have access to internal Kubernetes endpoints.
Took me a while of searching to end up with this policy, given that I'm not that knowledgeable about this topic.
I think we can spare other people that, by including this as an example here (since this repo is linked in the official docs)
And maybe someone notices a flaw in this.

spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: kube-system
        podSelector:
          matchLabels:
            k8s-app: kube-dns
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    - to:
      - ipBlock:
          cidr: 0.0.0.0/0
          except:
            - 10.0.0.0/8
            - 172.16.0.0/12
            - 192.168.0.0/16

Allows...

1. DNS resolve requests
2. All IPs except the IP ranges defined as private

[boredabdel]

Sounds like a good idea.