revert(vd): revert allowing ingress from virtualization namespace to uploader pods #2396

Merged
hardcoretime merged 1 commit into main from revert/67b70fa88-e2e-upload-failure
May 22, 2026
@hardcoretime hardcoretime commented May 22, 2026

Description

Reverts the changes introduced in commit 67b70fa which added an Ingress rule to NetworkPolicy for uploader pods.

The original fix added an Ingress rule allowing traffic only from namespaces labeled with module: virtualization. This was intended to allow the CDI controller to scrape progress metrics from importer pods in isolated namespaces. However, this breaks the e2e DataExport test because the uploader pod is accessed via the Ingress controller, which is located in a different namespace (e.g., d8-ingress-nginx) with label module: ingress-nginx.

Why do we need it, and what problem does it solve?

The e2e test "DataExports exports VirtualDisk and VirtualDiskSnapshot, then restores data via upload" fails with the following error:

failed to sync virtual disk data source upload: failed to get upload server status: Get "https://virtualization.example.com/upload/...": context deadline exceeded

The request flow in the test:

  1. Test sends HTTP request to the Ingress URL
  2. Request hits the Ingress controller pod (in d8-ingress-nginx namespace)
  3. Ingress controller proxies the request to the uploader pod
  4. NetworkPolicy blocks this because the source namespace has module: ingress-nginx label, not module: virtualization

The fix reverts the Ingress rule addition, restoring the previous behavior where only Egress policy was applied.

What is the expected result?

The e2e test DataExports should pass after this revert.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: core
type: chore
summary: "Reverted NetworkPolicy Ingress rule that broke e2e DataExport test. The Ingress rule was blocking traffic from ingress controller namespaces."
impact_level: low

…uploader pods

This reverts commit 67b70fa.

The original fix introduced an Ingress rule that allowed traffic only from
namespaces labeled with 'module: virtualization'. However, this breaks the
e2e DataExport test because the uploader pod is accessed via Ingress controller,
which is located in a different namespace (e.g., d8-ingress-nginx) that has
'module: ingress-nginx' label instead.

The request flow in the test:
1. Test sends HTTP request to the Ingress URL
2. Request hits the Ingress controller pod (in d8-ingress-nginx namespace)
3. Ingress controller proxies the request to the uploader pod
4. NetworkPolicy blocks this because the source namespace doesn't have
   'module: virtualization' label

A proper fix would require allowing ingress from ingress controller namespaces
or using pod selectors instead of namespace selectors.

Signed-off-by: Roman Sysoev <roman.sysoev@flant.com>
@hardcoretime hardcoretime added this to the v1.9.0 milestone May 22, 2026
@hardcoretime hardcoretime changed the title revert(vd): revert allowing ingress from virtualization namespace to … revert(vd): revert allowing ingress from virtualization namespace to uploader pods May 22, 2026
@hardcoretime hardcoretime merged commit 07a18f3 into main May 22, 2026
32 of 34 checks passed
@hardcoretime hardcoretime deleted the revert/67b70fa88-e2e-upload-failure branch May 22, 2026 13:29
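
Added example (not code from this PR or the project): a small Python model of how a NetworkPolicy ingress rule with a namespaceSelector evaluates the request flow described above. It compares the reverted rule, the Egress-only state after this revert, and the alternative the commit message mentions. The policy shapes, the function names and the namespaces `d8-virtualization` and `tenant-a` are assumptions; only namespace labels are modelled, not pod selectors or ports.

```python
# Added example: namespace-label-only model of NetworkPolicy ingress evaluation.
# Policies and namespaces are constructed from the PR text, not taken from the repo.

def selector_matches(match_labels, labels):
    # Every key/value in the selector must be present; an empty selector matches all.
    return all(labels.get(k) == v for k, v in match_labels.items())

def ingress_allowed(policy, src_ns_labels):
    # A policy without the Ingress type does not isolate the pod for ingress
    # (assuming no other policy selects the same pod).
    if "Ingress" not in policy["policyTypes"]:
        return True
    for rule in policy.get("ingress", []):
        peers = rule.get("from")
        if not peers:  # a rule without "from" allows every source
            return True
        # Peers in one "from" list are OR-ed together.
        if any(selector_matches(p["namespaceSelector"]["matchLabels"], src_ns_labels)
               for p in peers):
            return True
    return False  # isolated for ingress and no rule matched: traffic is dropped

def ns_peer(module):
    return {"namespaceSelector": {"matchLabels": {"module": module}}}

# Rule added by the reverted commit (assumed shape).
REVERTED_RULE = {"policyTypes": ["Egress", "Ingress"],
                 "ingress": [{"from": [ns_peer("virtualization")]}]}
# State after this revert: only Egress is applied.
EGRESS_ONLY = {"policyTypes": ["Egress"]}
# Alternative from the commit message: also admit ingress controller namespaces.
WITH_INGRESS_CONTROLLER = {"policyTypes": ["Egress", "Ingress"],
                           "ingress": [{"from": [ns_peer("virtualization"),
                                                 ns_peer("ingress-nginx")]}]}

# Constructed source namespaces; only d8-ingress-nginx and its label are from the PR.
NAMESPACES = {
    "d8-virtualization": {"module": "virtualization"},
    "d8-ingress-nginx": {"module": "ingress-nginx"},
    "tenant-a": {},
}

def verdicts(policy):
    return {ns: ingress_allowed(policy, labels) for ns, labels in NAMESPACES.items()}

if __name__ == "__main__":
    for name in ("REVERTED_RULE", "EGRESS_ONLY", "WITH_INGRESS_CONTROLLER"):
        print(name, verdicts(globals()[name]))
```

In this model the Egress-only state admits every source namespace, while the two-peer rule lets the ingress controller through and still drops traffic from `tenant-a`.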