From bbfe438f5d8c4750812a78b80732d906e42dc8f7 Mon Sep 17 00:00:00 2001
From: dahoud <41957584+DahoudG@users.noreply.github.com>
Date: Wed, 22 Apr 2026 15:50:19 +0000
Subject: [PATCH] fix: NetworkPolicy egress complet (Postgres + Keycloak +
 Kafka si besoin)

---
 Chart.yaml  |  2 +-
 values.yaml | 20 +++++++++++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/Chart.yaml b/Chart.yaml
index 55f13f7..5296afb 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -14,5 +14,5 @@ sources:
   - https://git.lions.dev/lionsdev/mic-after-work-server-impl-quarkus-main-k1
 dependencies:
   - name: lions-app
-    version: "1.0.2"
+    version: "1.0.3"
     repository: "https://git.lions.dev/api/packages/lionsdev/helm"
diff --git a/values.yaml b/values.yaml
index db7159f..1445d95 100644
--- a/values.yaml
+++ b/values.yaml
@@ -68,7 +68,25 @@ lions-app:
       nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
 
   networkPolicy:
-    enabled: false   # TODO: re-enable après validation egress rules
+    enabled: true
+    allowIngressFrom:
+      - namespaceSelector:
+          kubernetes.io/metadata.name: ingress-nginx
+      - namespaceSelector:
+          kubernetes.io/metadata.name: monitoring
+    allowEgressDNS: true
+    allowEgressKubeAPI: true
+    allowEgressTo:
+      - namespaceSelector:
+          kubernetes.io/metadata.name: postgresql
+        ports:
+          - port: 5432
+            protocol: TCP
+      - namespaceSelector:
+          kubernetes.io/metadata.name: keycloak
+        ports:
+          - port: 8080
+            protocol: TCP
 
   probes:
     liveness: