From 005107850a942638405135e3627c1600676938ee Mon Sep 17 00:00:00 2001
From: QuentinBisson
Date: Thu, 22 Feb 2024 11:30:56 +0100
Subject: [PATCH] Allow extra egress rules for the keda operator ciliumnetworkpolicy
---
 keda/README.md | 2 +-
 keda/templates/manager/ciliumnetworkpolicy.yaml | 3 +++
 keda/values.yaml | 4 ++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/keda/README.md b/keda/README.md
index b9137bfa..edd2cb72 100644
--- a/keda/README.md
+++ b/keda/README.md
@@ -67,7 +67,7 @@ their default values.
 | `certificates.certManager.duration` | string | `"8760h0m0s"` | Certificate duration |
 | `certificates.certManager.enabled` | bool | `false` | Enables Cert-manager for certificate management |
 | `certificates.certManager.generateCA` | bool | `true` | Generates a self-signed CA with Cert-manager. If generateCA is false, the secret with the CA has to be annotated with `cert-manager.io/allow-direct-injection: "true"` |
-| `certificates.certManager.issuer` | object | `{"generate":true,"group":"cert-manager.io","kind":"ClusterIssuer","name":"foo-org-ca"}` | Reference to custom Issuer. If issuer.generate is false, then issuer.group, issuer.kind and issuer.name are required |
+| `certificates.certManager.issuer` | object | `{"generate":true,"group":"cert-manager.io","kind":"ClusterIssuer","name":"foo-org-ca"}` | Reference to custom Issuer. |
 | `certificates.certManager.issuer.generate` | bool | `true` | Generates an Issuer resource with Cert-manager |
 | `certificates.certManager.issuer.group` | string | `"cert-manager.io"` | Custom Issuer group. Required when generate: false |
 | `certificates.certManager.issuer.kind` | string | `"ClusterIssuer"` | Custom Issuer kind. Required when generate: false |
diff --git a/keda/templates/manager/ciliumnetworkpolicy.yaml b/keda/templates/manager/ciliumnetworkpolicy.yaml
index f9186810..05483873 100644
--- a/keda/templates/manager/ciliumnetworkpolicy.yaml
+++ b/keda/templates/manager/ciliumnetworkpolicy.yaml
@@ -21,6 +21,9 @@ spec:
 - toEntities:
 - kube-apiserver
 - cluster
+ {{- if and .Values.networkPolicy.cilium.operator.extraEgressRules }}
+ {{ toYaml .Values.networkPolicy.cilium.operator.extraEgressRules | nindent 4 }}
+ {{- end }}
 ingress:
 - fromEntities:
 - cluster
diff --git a/keda/values.yaml b/keda/values.yaml
index 6bedab51..7ee061cd 100644
--- a/keda/values.yaml
+++ b/keda/values.yaml
@@ -58,6 +58,10 @@ networkPolicy:
 enabled: false
 # -- Flavor of the network policies (cilium)
 flavor: "cilium"
+ # -- Allow use of extra egress rules for cilium network policies
+ # cilium:
+ # operator:
+ # extraEgressRules: []
 operator:
 # -- Name of the KEDA operator
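Review bot: With the chart defaults the added `if` in the egress list can fail to render. values.yaml in this same patch adds `cilium.operator.extraEgressRules` only as a commented-out example, so `.Values.networkPolicy.cilium` is nil and Helm raises a nil-pointer error when it evaluates `.operator` on it. Guard the chain instead, e.g. `{{- with ((.Values.networkPolicy.cilium).operator).extraEgressRules }}`, then `{{- toYaml . | nindent 4 }}` and `{{- end }}`. The single-argument `and` is a no-op and can be dropped. The policy template starts and ends outside the hunk, so any outer condition that limits when this block is rendered is not visible here.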
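Review bot: The new option in the values.yaml hunk exists only as a commented-out example, so its `# --` description is not attached to a real key. That is presumably why the README table in this patch gains no row for it. These entries are appended verbatim to the operator's egress list, which otherwise allows only `kube-apiserver` and `cluster`, so the comment should tell operators what is expected of them. I would ship the key uncommented as `extraEgressRules: []` under `cilium.operator`, with a description such as `# -- Extra Cilium egress rules appended to the operator policy; scope each rule to the specific destinations and ports the scalers need`. The `networkPolicy` block begins outside the hunk.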