From 142790dc51174be2bd39a1bdeadc08417be2dd68 Mon Sep 17 00:00:00 2001
From: klinch0 <68821526+klinch0@users.noreply.github.com>
Date: Wed, 4 Dec 2024 17:59:33 +0300
Subject: [PATCH] fix kk-configure (#505)

---
 packages/apps/tenant/templates/networkpolicy.yaml   | 12 ++++++++++++
 .../keycloak-configure/templates/configure-kk.yaml  | 13 +++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/packages/apps/tenant/templates/networkpolicy.yaml b/packages/apps/tenant/templates/networkpolicy.yaml
index aa8ed3ea..c6f4e81b 100644
--- a/packages/apps/tenant/templates/networkpolicy.yaml
+++ b/packages/apps/tenant/templates/networkpolicy.yaml
@@ -180,4 +180,16 @@ spec:
   - toEndpoints:
     - matchLabels:
         cozystack.io/service: ingress
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-to-keycloak
+  namespace: {{ include "tenant.name" . }}
+spec:
+  endpointSelector: {}
+  egress:
+  - toEndpoints:
+      - matchLabels:
+          "k8s:io.kubernetes.pod.namespace": cozy-keycloak
 {{- end }}
diff --git a/packages/system/keycloak-configure/templates/configure-kk.yaml b/packages/system/keycloak-configure/templates/configure-kk.yaml
index 7ad67846..71eeca32 100644
--- a/packages/system/keycloak-configure/templates/configure-kk.yaml
+++ b/packages/system/keycloak-configure/templates/configure-kk.yaml
@@ -174,3 +174,16 @@ data:
           - --cookie-secure=false
           - --scope=openid email groups
           - --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy
+
+---
+
+apiVersion: v1.edp.epam.com/v1
+kind: KeycloakRealmGroup
+metadata:
+  name: kubeapps-admin
+  namespace: cozy-dashboard
+spec:
+  name: kubeapps-admin
+  realmRef:
+    name: keycloakrealm-cozy
+    kind: ClusterKeycloakRealm