fix: NetworkPolicy egress complet (Postgres + Keycloak + Kafka si besoin)

2026-04-22 15:50:25 +00:00
parent f9c4681abf
commit ed277efc08
2 changed files with 7 additions and 16 deletions
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -16,7 +16,7 @@ sources:
  - https://git.lions.dev/lionsdev/unionflow-server-impl-quarkus-k1    # ce repo (deploy)
 dependencies:
  - name: lions-app
-    version: "1.0.2"
+    version: "1.0.3"
    repository: "https://git.lions.dev/api/packages/lionsdev/helm"
    # Alternative pour dev local sans registry :
    # repository: "file://../helm-chart-lions-app"
--- a/values.yaml
+++ b/values.yaml
@@ -127,11 +127,9 @@ lions-app:

  # --------------------------------------------------------
  # NetworkPolicy
-  # TEMPORAIREMENT DÉSACTIVÉE : à reactiver après validation POC et affinage
-  # des règles egress (notamment egress vers node IP pour OIDC public URL)
  # --------------------------------------------------------
  networkPolicy:
-    enabled: false
+    enabled: true
    allowIngressFrom:
      - namespaceSelector:
          kubernetes.io/metadata.name: ingress-nginx
@@ -140,28 +138,21 @@ lions-app:
    allowEgressDNS: true
    allowEgressKubeAPI: true
    allowEgressTo:
-      # PostgreSQL
      - namespaceSelector:
          kubernetes.io/metadata.name: postgresql
        ports:
          - port: 5432
            protocol: TCP
-      # Kafka
-      - namespaceSelector:
-          kubernetes.io/metadata.name: kafka
-        ports:
-          - port: 9092
-            protocol: TCP
-      # Keycloak
      - namespaceSelector:
          kubernetes.io/metadata.name: keycloak
        ports:
          - port: 8080
            protocol: TCP
-
-  # --------------------------------------------------------
-  # Probes Quarkus SmallRye Health
-  # --------------------------------------------------------
+      - namespaceSelector:
+          kubernetes.io/metadata.name: kafka
+        ports:
+          - port: 9092
+            protocol: TCP
  probes:
    liveness:
      enabled: true