From 5d51a7e13b71addbe651f964393eeead73ce7191 Mon Sep 17 00:00:00 2001
From: dahoud <41957584+DahoudG@users.noreply.github.com>
Date: Wed, 22 Apr 2026 15:50:12 +0000
Subject: [PATCH] fix: NetworkPolicy egress complet (Postgres + Keycloak +
 Kafka si besoin)

---
 Chart.yaml  |  2 +-
 values.yaml | 20 +++++++++++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/Chart.yaml b/Chart.yaml
index 660944e..b5cbafa 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -14,5 +14,5 @@ sources:
   - https://git.lions.dev/lionsdev/lions-user-manager-client-quarkus-primefaces-freya-k1
 dependencies:
   - name: lions-app
-    version: "1.0.2"
+    version: "1.0.3"
     repository: "https://git.lions.dev/api/packages/lionsdev/helm"
diff --git a/values.yaml b/values.yaml
index e600012..4598666 100644
--- a/values.yaml
+++ b/values.yaml
@@ -69,7 +69,25 @@ lions-app:
       nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
 
   networkPolicy:
-    enabled: false   # TODO: re-enable après validation egress rules
+    enabled: true
+    allowIngressFrom:
+      - namespaceSelector:
+          kubernetes.io/metadata.name: ingress-nginx
+      - namespaceSelector:
+          kubernetes.io/metadata.name: monitoring
+    allowEgressDNS: true
+    allowEgressKubeAPI: true
+    allowEgressTo:
+      - namespaceSelector:
+          kubernetes.io/metadata.name: postgresql
+        ports:
+          - port: 5432
+            protocol: TCP
+      - namespaceSelector:
+          kubernetes.io/metadata.name: keycloak
+        ports:
+          - port: 8080
+            protocol: TCP
 
   probes:
     liveness: