add source code and readme

manifests/infrastructure/celery-monitoring/network-policies.yaml

@@ -0,0 +1,47 @@
+---
+# Celery Monitoring Network Policies
+# Port-forward and health check access to Flower with proper DNS/Redis connectivity
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: celery-flower-ingress
+  namespace: celery-monitoring
+spec:
+  description: "Allow ingress to Flower from kubectl port-forward and health checks"
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: celery-flower
+      app.kubernetes.io/component: monitoring
+  ingress:
+  # Allow kubectl port-forward access (from cluster nodes)
+  - fromEntities:
+    - cluster
+    - host
+    toPorts:
+    - ports:
+      - port: "5555"
+        protocol: TCP
+
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: celery-flower-egress
+  namespace: celery-monitoring
+spec:
+  description: "Allow Flower to connect to Redis, DNS, and monitoring services"
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: celery-flower
+      app.kubernetes.io/component: monitoring
+  egress:
+  # Allow all cluster-internal communication (like PieFed approach)
+  # This is more permissive but still secure within the cluster
+  - toEntities:
+    - cluster
+    - host
+  
+
+
+# Service access policy removed - using kubectl port-forward for local access
+# Port-forward provides secure access without exposing the service externally