From 4431a1a48486e2049c36873fe9e606468e639f98 Mon Sep 17 00:00:00 2001
From: Martin Yankov <23098926+Lutherwaves@users.noreply.github.com>
Date: Sat, 20 Dec 2025 04:59:08 +0200
Subject: [PATCH] fix(helm): add custom egress rules to realtime network policy
 (#2481)

The realtime service network policy was missing the custom egress rules section
that allows configuration of additional egress rules via values.yaml. This caused
the realtime pods to be unable to connect to external databases (e.g., PostgreSQL
on port 5432) when using external database configurations.

The app network policy already had this section, but the realtime network policy
was missing it, creating an inconsistency and preventing the realtime service
from accessing external databases configured via networkPolicy.egress values.

This fix adds the same custom egress rules template section to the realtime
network policy, matching the app network policy behavior and allowing users to
configure database connectivity via values.yaml.
---
 helm/sim/templates/networkpolicy.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/helm/sim/templates/networkpolicy.yaml b/helm/sim/templates/networkpolicy.yaml
index deac5a5dba..7ef8697417 100644
--- a/helm/sim/templates/networkpolicy.yaml
+++ b/helm/sim/templates/networkpolicy.yaml
@@ -141,6 +141,10 @@ spec:
     ports:
     - protocol: TCP
       port: 443
+  # Allow custom egress rules
+  {{- with .Values.networkPolicy.egress }}
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
 {{- end }}
 
 {{- if .Values.postgresql.enabled }}