@Lutherwaves Lutherwaves commented Dec 19, 2025

Summary

The realtime service network policy was missing the custom egress rules section that allows configuration of additional egress rules via values.yaml. This caused the realtime pods to be unable to connect to external databases (e.g., PostgreSQL on port 5432) when using external database configurations.

The app network policy already had this section, but the realtime network policy was missing it, creating an inconsistency and preventing the realtime service from accessing external databases configured via networkPolicy.egress values.

This fix adds the same custom egress rules template section to the realtime network policy, matching the app network policy behavior and allowing users to configure database connectivity via values.yaml.

Fixes https://discord.com/channels/1344142560293290024/1441430398155493396/1441430398155493396

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation
  • Other: ___________

Testing

  • Tested without this change - my connection from realtime svc to pg db inside a Kubernetes cluster, behind a VPN, was failing (cluster DNS)
  • With the change, the egress rule unblocks the WS connection
  • Before the change, "could not receive data from client: Connection reset by peer" was thrown by PSQL

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

vercel bot commented Dec 19, 2025

@Lutherwaves is attempting to deploy a commit to the Sim Team on Vercel.

A member of the Team first needs to authorize it.

greptile-apps bot commented Dec 19, 2025

Greptile Summary

This PR fixes a missing configuration section in the realtime service network policy. The change adds the custom egress rules template block to the realtime network policy, bringing it into parity with the app network policy.

  • Added {{- with .Values.networkPolicy.egress }} template section to realtime network policy (lines 144-147)
  • Enables configuration of additional egress rules via values.yaml for external database connections
  • Fixes connectivity issues when using external PostgreSQL databases on non-standard ports
  • Maintains consistency across all network policies in the Helm chart

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The change is a simple, well-justified bug fix that adds a missing template section. The exact same pattern already exists in the app network policy (lines 83-86), making this a proven, low-risk change. The template syntax is correct, indentation matches existing patterns, and the change addresses a real connectivity issue without modifying any existing functionality.
  • No files require special attention

Important Files Changed

Filename | Overview
helm/sim/templates/networkpolicy.yaml | Added custom egress rules template section to realtime network policy, matching app network policy behavior

Sequence Diagram

sequenceDiagram
    participant User as User/DevOps
    participant Values as values.yaml
    participant Helm as Helm Template Engine
    participant RT as Realtime Network Policy
    participant Ext as External Database

    User->>Values: Configure networkPolicy.egress<br/>with custom rules
    User->>Helm: Deploy/upgrade chart
    Helm->>RT: Render template with<br/>custom egress rules
    Note over RT: Before fix: Custom rules ignored<br/>After fix: Custom rules included
    RT->>Ext: Allow egress to external DB<br/>(e.g., PostgreSQL :5432)
    Ext-->>RT: Connection successful

The realtime service network policy was missing the custom egress rules section
that allows configuration of additional egress rules via values.yaml. This caused
the realtime pods to be unable to connect to external databases (e.g., PostgreSQL
on port 5432) when using external database configurations.

The app network policy already had this section, but the realtime network policy
was missing it, creating an inconsistency and preventing the realtime service
from accessing external databases configured via networkPolicy.egress values.

This fix adds the same custom egress rules template section to the realtime
network policy, matching the app network policy behavior and allowing users to
configure database connectivity via values.yaml.

@Lutherwaves Lutherwaves force-pushed the fix/helm-realtime-network-policy-egress branch from 4b1ab75 to 31147b6 December 19, 2025 22:35

vercel bot commented Dec 20, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Review | Updated (UTC)
docs | Ready | Preview, Comment | Dec 20, 2025 2:47am

@waleedlatif1 waleedlatif1 merged commit 4431a1a into simstudioai:main Dec 20, 2025
10 checks passed
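
A values.yaml fragment for the custom egress section discussed in this thread, as an added example that is not part of the pull request or the chart's own documentation. It assumes each `networkPolicy.egress` entry is a standard Kubernetes NetworkPolicy egress rule copied as-is into the rendered policies; the CIDR, namespace name and pod label are constructed placeholders.

```yaml
# values.yaml fragment (added example; all addresses and labels are placeholders)
networkPolicy:
  # Assumption: every entry is a standard NetworkPolicy egress rule that the
  # chart renders unchanged into the policies that include this section.
  egress:
    # Scoped rule for a database outside the cluster:
    # one address, one protocol, one port.
    - to:
        - ipBlock:
            cidr: 203.0.113.10/32        # placeholder: the PostgreSQL endpoint
      ports:
        - protocol: TCP
          port: 5432

    # Scoped rule for a database running in another namespace of the cluster.
    # namespaceSelector and podSelector in the same list item are ANDed.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: databases   # hypothetical namespace
          podSelector:
            matchLabels:
              app: postgres                            # hypothetical pod label
      ports:
        - protocol: TCP
          port: 5432

    # Overly broad form, left commented out for contrast: it restores
    # connectivity but allows TCP 5432 to every destination.
    # - to:
    #     - ipBlock:
    #         cidr: 0.0.0.0/0
    #   ports:
    #     - protocol: TCP
    #       port: 5432
```

Because the app and realtime policies both read `networkPolicy.egress`, every rule listed here is granted to both workloads. Rendering the chart with `helm template` and reading the realtime NetworkPolicy in the output confirms whether the rule was included.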