veza/k8s/network-policies/frontend-allow.yaml

# Frontend: allow ingress from ingress controller only
# Static assets; no egress required for serving
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: frontend-allow
  namespace: veza-production
spec:
  podSelector:
    matchLabels:
      app: veza-frontend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: ingress-nginx
    ports:
    - protocol: TCP
      port: 80
chore: consolidate CI, E2E, backend and frontend updates - CI: workflows updates (cd, ci), remove playwright.yml - E2E: global-setup, auth/playlists/profile specs - Remove playwright-report and test-results artifacts from tracking - Backend: auth, handlers, services, workers, migrations - Frontend: components, features, vite config - Add e2e-results.json to gitignore - Docs: REMEDIATION_PROGRESS, audit archive - Rust: chat-server, stream-server updates 2026-02-17 15:43:21 +00:00			`# Frontend: allow ingress from ingress controller only`
			`# Static assets; no egress required for serving`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: NetworkPolicy`
			`metadata:`
			`name: frontend-allow`
			`namespace: veza-production`
			`spec:`
			`podSelector:`
			`matchLabels:`
			`app: veza-frontend`
			`policyTypes:`
			`- Ingress`
			`ingress:`
			`- from:`
			`- namespaceSelector:`
			`matchLabels:`
			`name: ingress-nginx`
			`ports:`
			`- protocol: TCP`
			`port: 80`