feat: add networkpolicy option for keycloak smtp (defenseunicorns#429)

corang · mjnagel · web-flow · commit 4059954ed925 · 2024-05-24T13:04:13.000-06:00
## Description ... ## Related Issue Fixes #  Relates to # ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --------- Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
diff --git a/src/keycloak/chart/templates/uds-package.yaml b/src/keycloak/chart/templates/uds-package.yaml
@@ -43,6 +43,15 @@ spec:
           - 80
         remoteGenerate: Anywhere
 
+      {{- if .Values.smtp.enabled }}
+      - description: "SMTP access"
+        direction: Egress
+        selector:
+          app.kubernetes.io/name: keycloak
+        port: {{ .Values.smtp.port }}
+        remoteGenerate: Anywhere
+      {{- end }}
+
       {{- if not .Values.devMode }}
       - description: "PostgresQL Database access"
         direction: Egress
diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml
@@ -49,6 +49,11 @@ clusterDomain: cluster.local
 # Sets development mode for Keycloak. This disables caching, Postgres and HPAs and should only be used for testing
 devMode: true
 
+# Enable SMTP networkPolicy and config
+smtp:
+  enabled: false
+  port: 587
+
 # Configure FIPS mode for Keycloak
 fips: false
 
