veza/k8s/network-policies/default-deny.yaml

# Default deny all ingress and egress
# Apply this first; then apply allow policies for each component.
# See README.md for dependency documentation.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: veza-production
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
  namespace: veza-production
spec:
  podSelector: {}
  policyTypes:
  - Egress
chore: consolidate CI, E2E, backend and frontend updates - CI: workflows updates (cd, ci), remove playwright.yml - E2E: global-setup, auth/playlists/profile specs - Remove playwright-report and test-results artifacts from tracking - Backend: auth, handlers, services, workers, migrations - Frontend: components, features, vite config - Add e2e-results.json to gitignore - Docs: REMEDIATION_PROGRESS, audit archive - Rust: chat-server, stream-server updates 2026-02-17 15:43:21 +00:00			`# Default deny all ingress and egress`
			`# Apply this first; then apply allow policies for each component.`
			`# See README.md for dependency documentation.`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: NetworkPolicy`
			`metadata:`
			`name: default-deny-ingress`
			`namespace: veza-production`
			`spec:`
			`podSelector: {}`
			`policyTypes:`
			`- Ingress`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: NetworkPolicy`
			`metadata:`
			`name: default-deny-egress`
			`namespace: veza-production`
			`spec:`
			`podSelector: {}`
			`policyTypes:`
			`- Egress`