fix: NetworkPolicy egress complet (Postgres + Keycloak + Kafka si besoin)

2026-04-22 15:50:05 +00:00
parent 399baab674
commit c78c2eac3f
2 changed files with 20 additions and 2 deletions
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -14,5 +14,5 @@ sources:
  - https://git.lions.dev/lionsdev/btpxpress-client-k1
 dependencies:
  - name: lions-app
-    version: "1.0.2"
+    version: "1.0.3"
    repository: "https://git.lions.dev/api/packages/lionsdev/helm"
--- a/values.yaml
+++ b/values.yaml
@@ -65,7 +65,25 @@ lions-app:
      nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"

  networkPolicy:
-    enabled: false   # TODO: re-enable après validation egress rules
+    enabled: true
+    allowIngressFrom:
+      - namespaceSelector:
+          kubernetes.io/metadata.name: ingress-nginx
+      - namespaceSelector:
+          kubernetes.io/metadata.name: monitoring
+    allowEgressDNS: true
+    allowEgressKubeAPI: true
+    allowEgressTo:
+      - namespaceSelector:
+          kubernetes.io/metadata.name: postgresql
+        ports:
+          - port: 5432
+            protocol: TCP
+      - namespaceSelector:
+          kubernetes.io/metadata.name: keycloak
+        ports:
+          - port: 8080
+            protocol: TCP

  probes:
    liveness: