From 68bebdae5706e3919c8f21faa7dc6ae0d2a516e8 Mon Sep 17 00:00:00 2001
From: gwg313 <gwg313@pm.me>
Date: Sat, 16 May 2026 14:15:13 -0400
Subject: [PATCH] add forgejo network policy

Signed-off-by: gwg313 <gwg313@pm.me>
---
 forgejo/network-policy.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 forgejo/network-policy.yaml

diff --git a/forgejo/network-policy.yaml b/forgejo/network-policy.yaml
new file mode 100644
index 0000000..b67cb45
--- /dev/null
+++ b/forgejo/network-policy.yaml
@@ -0,0 +1,17 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-ingress-to-forgejo
+  namespace: forgejo
+spec:
+  description: "Accept incoming traffic from the native mesh proxy"
+  endpointSelector:
+    matchLabels:
+      app: forgejo
+  ingress:
+    - fromEntities:
+        - ingress
+      toPorts:
+        - ports:
+            - port: "3000"
+              protocol: TCP