fix(helm): add custom egress rules to realtime network policy

[Lutherwaves]

Summary

The realtime service network policy was missing the custom egress rules section that allows configuration of additional egress rules via values.yaml. This caused the realtime pods to be unable to connect to external databases (e.g., PostgreSQL on port 5432) when using external database configurations.

The app network policy already had this section, but the realtime network policy was missing it, creating an inconsistency and preventing the realtime service from accessing external databases configured via networkPolicy.egress values.

This fix adds the same custom egress rules template section to the realtime network policy, matching the app network policy behavior and allowing users to configure database connectivity via values.yaml.

Fixes https://discord.com/channels/1344142560293290024/1441430398155493396/1441430398155493396

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation
• Other: ___________

Testing

• Tested without this change - my connection from realtime svc to pg db inside a kubernetes cluster, behind a VPN was failing (cluster DNS)
• With the change, the egress rule unblocks the WS conection
• Before the change could not receive data from client: Connection reset by peer was thrown by PSQL

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

@Lutherwaves is attempting to deploy a commit to the Sim Team on Vercel.

A member of the Team first needs to authorize it.

[greptile-apps]

Greptile Summary

This PR fixes a missing configuration section in the realtime service network policy. The change adds the custom egress rules template block to the realtime network policy, bringing it into parity with the app network policy.

• Added {{- with .Values.networkPolicy.egress }} template section to realtime network policy (lines 144-147)
• Enables configuration of additional egress rules via values.yaml for external database connections
• Fixes connectivity issues when using external PostgreSQL databases on non-standard ports
• Maintains consistency across all network policies in the Helm chart

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The change is a simple, well-justified bug fix that adds a missing template section. The exact same pattern already exists in the app network policy (lines 83-86), making this a proven, low-risk change. The template syntax is correct, indentation matches existing patterns, and the change addresses a real connectivity issue without modifying any existing functionality.
• No files require special attention

Important Files Changed

Filename	Overview
helm/sim/templates/networkpolicy.yaml	Added custom egress rules template section to realtime network policy, matching app network policy behavior

Sequence Diagram

sequenceDiagram
    participant User as User/DevOps
    participant Values as values.yaml
    participant Helm as Helm Template Engine
    participant RT as Realtime Network Policy
    participant Ext as External Database

    User->>Values: Configure networkPolicy.egress<br/>with custom rules
    User->>Helm: Deploy/upgrade chart
    Helm->>RT: Render template with<br/>custom egress rules
    Note over RT: Before fix: Custom rules ignored<br/>After fix: Custom rules included
    RT->>Ext: Allow egress to external DB<br/>(e.g., PostgreSQL :5432)
    Ext-->>RT: Connection successful

Loading

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
docs	Ready	Preview, Comment	Dec 20, 2025 2:47am