chore: simpler network policy

deploy/base/network-policy.yaml

@@ -10,52 +10,21 @@ spec:
   - Ingress
   - Egress
   ingress:
-  # Allow inbound traffic from the ingress controller only
+  # Allow inbound traffic to container port
   - from:
-    - namespaceSelector:
-        matchLabels:
-          name: ingress-nginx
-    ports:
-    - protocol: TCP
-      port: 8000
-  # Allow inbound traffic from kubelet for health checks
-  - from:
-    - namespaceSelector:
-        matchLabels:
-          name: kube-system
     ports:
     - protocol: TCP
       port: 8000
   egress:
   # Allow outbound DNS resolution
   - to:
-    - namespaceSelector:
-        matchLabels:
-          name: kube-system
     ports:
     - protocol: TCP
       port: 53
     - protocol: UDP
       port: 53
-  # Allow outbound HTTPS to Kubernetes API server
+  # Allow outbound HTTPS
   - to:
-    - namespaceSelector:
-        matchLabels:
-          name: kube-system
     ports:
     - protocol: TCP
       port: 443
-  # Allow outbound HTTPS to Infomaniak S3
-  - to:
-    - ipBlock:
-        cidr: 45.157.188.56/29  # Infomaniak S3 IPv4 range
-    ports:
-    - protocol: TCP
-      port: 443
-  # Allow outbound NTP for time synchronization
-  - to:
-    - ipBlock:
-        cidr: 0.0.0.0/0
-    ports:
-    - protocol: UDP
-      port: 123