Allow extra egress rules for the keda operator ciliumnetworkpolicy

Signed-off-by: QuentinBisson <quentin@giantswarm.io>
kedacore · Feb 22, 2024 · 486bfc9 · 486bfc9
1 parent 4cf42b3
commit 486bfc9
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/keda/README.md b/keda/README.md
@@ -67,7 +67,7 @@ their default values.
 | `certificates.certManager.duration` | string | `"8760h0m0s"` | Certificate duration |
 | `certificates.certManager.enabled` | bool | `false` | Enables Cert-manager for certificate management |
 | `certificates.certManager.generateCA` | bool | `true` | Generates a self-signed CA with Cert-manager. If generateCA is false, the secret with the CA has to be annotated with `cert-manager.io/allow-direct-injection: "true"` |
-| `certificates.certManager.issuer` | object | `{"generate":true,"group":"cert-manager.io","kind":"ClusterIssuer","name":"foo-org-ca"}` | Reference to custom Issuer. If issuer.generate is false, then issuer.group, issuer.kind and issuer.name are required |
+| `certificates.certManager.issuer` | object | `{"generate":true,"group":"cert-manager.io","kind":"ClusterIssuer","name":"foo-org-ca"}` | Reference to custom Issuer. |
 | `certificates.certManager.issuer.generate` | bool | `true` | Generates an Issuer resource with Cert-manager |
 | `certificates.certManager.issuer.group` | string | `"cert-manager.io"` | Custom Issuer group. Required when generate: false |
 | `certificates.certManager.issuer.kind` | string | `"ClusterIssuer"` | Custom Issuer kind. Required when generate: false |

diff --git a/keda/templates/manager/ciliumnetworkpolicy.yaml b/keda/templates/manager/ciliumnetworkpolicy.yaml
@@ -21,6 +21,9 @@ spec:
     - toEntities:
         - kube-apiserver
         - cluster
+    {{- if and .Values.networkPolicy.cilium.operator.extraEgressRules }}
+    {{ toYaml .Values.networkPolicy.cilium.operator.extraEgressRules | nindent 4 }}
+    {{- end }}
   ingress:
     - fromEntities:
         - cluster

diff --git a/keda/values.yaml b/keda/values.yaml
@@ -58,6 +58,10 @@ networkPolicy:
   enabled: false
   # -- Flavor of the network policies (cilium)
   flavor: "cilium"
+  # -- Allow use of extra egress rules for cilium network policies
+  # cilium:
+  #   operator:
+  #     extraEgressRules: []
 
 operator:
   # -- Name of the KEDA operator