From aa49976526760a4dde0ed4946bc445e073282edc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Untersch=C3=BCtz?= <sebastian@unterschutz.de>
Date: Sun, 25 Jan 2026 14:47:57 +0100
Subject: [PATCH] add namespace and refine ingress rules in CiliumNetworkPolicy
 for improved traffic segmentation

---
 k8s/cilium-netpol.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/k8s/cilium-netpol.yaml b/k8s/cilium-netpol.yaml
index 1e7df50..1daa250 100644
--- a/k8s/cilium-netpol.yaml
+++ b/k8s/cilium-netpol.yaml
@@ -3,7 +3,7 @@ apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
   name: default-deny-all
-
+  namespace: escapefromteacher
 spec:
   endpointSelector: {}
   ingress:
@@ -21,9 +21,10 @@ spec:
     matchLabels:
       app: escape-game
   ingress:
-  # Allow HTTP traffic from anywhere (for user access)
   - fromEndpoints:
-    - {}
+    - matchLabels:
+        io.cilium.k8s.policy.namespace: traefik
+        name: traefik
     toPorts:
     - ports:
       - port: "8080"