fix: NetworkPolicy egress complet (Postgres + Keycloak + Kafka si besoin)

2026-04-22 15:50:12 +00:00
parent 708b23b744
commit 5d51a7e13b
2 changed files with 20 additions and 2 deletions
--- a/values.yaml
+++ b/values.yaml
@@ -69,7 +69,25 @@ lions-app:
      nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"

  networkPolicy:
-    enabled: false   # TODO: re-enable après validation egress rules
+    enabled: true
+    allowIngressFrom:
+      - namespaceSelector:
+          kubernetes.io/metadata.name: ingress-nginx
+      - namespaceSelector:
+          kubernetes.io/metadata.name: monitoring
+    allowEgressDNS: true
+    allowEgressKubeAPI: true
+    allowEgressTo:
+      - namespaceSelector:
+          kubernetes.io/metadata.name: postgresql
+        ports:
+          - port: 5432
+            protocol: TCP
+      - namespaceSelector:
+          kubernetes.io/metadata.name: keycloak
+        ports:
+          - port: 8080
+            protocol: TCP

  probes:
    liveness: