Merge pull request #6 from giantswarm/add-cilium-extra-exgress-rules

add-cilium-extra-egress rules

keda/README.md

@@ -82,7 +82,7 @@ their default values.
 | `crds.install` | bool | `true` | Defines whether the KEDA CRDs have to be installed or not. |
 | `env` | list | `[]` | Additional environment variables that will be passed onto all KEDA components |
 | `extraObjects` | list | `[]` | Array of extra K8s manifests to deploy |
-| `global.image.registry` | string | `"docker.io"` | Global image registry of KEDA components |
+| `global.image.registry` | string | `"gsoci.azurecr.io"` | Global image registry of KEDA components |
 | `grpcTLSCertsSecret` | string | `""` | Set this if you are using an external scaler and want to communicate over TLS (recommended). This variable holds the name of the secret that will be mounted to the /grpccerts path on the Pod |
 | `hashiCorpVaultTLS` | string | `""` | Set this if you are using HashiCorp Vault and want to communicate over TLS (recommended). This variable holds the name of the secret that will be mounted to the /vault path on the Pod |
 | `http.keepAlive.enabled` | bool | `true` | Enable HTTP connection keep alive |

keda/templates/manager/ciliumnetworkpolicy.yaml

@@ -21,6 +21,9 @@ spec:
     - toEntities:
         - kube-apiserver
         - cluster
+    {{- if and .Values.networkPolicy.cilium.operator.extraEgressRules }}
+    {{ toYaml .Values.networkPolicy.cilium.operator.extraEgressRules | nindent 4 }}
+    {{- end }}
   ingress:
     - fromEntities:
         - cluster

keda/values.yaml

@@ -5,7 +5,7 @@
 global:
   image:
     # -- Global image registry of KEDA components
-    registry: docker.io
+    registry: gsoci.azurecr.io
 
 image:
   keda:
@@ -221,6 +221,10 @@ networkPolicy:
   enabled: true
   # -- Flavor of the network policies (cilium)
   flavor: "cilium"
+  # -- Allow use of extra egress rules for cilium network policies
+  # cilium:
+  #   operator:
+  #     extraEgressRules: []
 
 podDisruptionBudget:
   # -- Capability to configure [Pod Disruption Budget]