simstudioai
fix(helm): add custom egress rules to realtime network policy
Summary
The realtime service network policy was missing the custom egress rules section that allows configuration of additional egress rules via values.yaml. This caused the realtime pods to be unable to connect to external databases (e.g., PostgreSQL on port 5432) when using external database configurations.
The app network policy already had this section, but the realtime network policy was missing it, creating an inconsistency and preventing the realtime service from accessing external databases configured via networkPolicy.egress values.
This fix adds the same custom egress rules template section to the realtime network policy, matching the app network policy behavior and allowing users to configure database connectivity via values.yaml.
Fixes https://discord.com/channels/1344142560293290024/1441430398155493396/1441430398155493396
Type of Change
- [x] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation
- [ ] Other: ___________
Testing
- Tested without this change - my connection from realtime svc to pg db inside a kubernetes cluster, behind a VPN was failing (cluster DNS)
- With the change, the egress rule unblocks the WS conection
- Before the change
could not receive data from client: Connection reset by peerwas thrown by PSQL
Checklist
- [x] Code follows project style guidelines
- [x] Self-reviewed my changes
- [x] Tests added/updated and passing
- [x] No new warnings introduced
- [x] I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)
@Lutherwaves is attempting to deploy a commit to the Sim Team on Vercel.
A member of the Team first needs to authorize it.
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
Greptile Summary
This PR fixes a missing configuration section in the realtime service network policy. The change adds the custom egress rules template block to the realtime network policy, bringing it into parity with the app network policy.
- Added
{{- with .Values.networkPolicy.egress }}template section to realtime network policy (lines 144-147) - Enables configuration of additional egress rules via
values.yamlfor external database connections - Fixes connectivity issues when using external PostgreSQL databases on non-standard ports
- Maintains consistency across all network policies in the Helm chart
Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- The change is a simple, well-justified bug fix that adds a missing template section. The exact same pattern already exists in the app network policy (lines 83-86), making this a proven, low-risk change. The template syntax is correct, indentation matches existing patterns, and the change addresses a real connectivity issue without modifying any existing functionality.
- No files require special attention
Important Files Changed
| Filename | Overview |
|---|---|
| helm/sim/templates/networkpolicy.yaml | Added custom egress rules template section to realtime network policy, matching app network policy behavior |
Sequence Diagram
sequenceDiagram
participant User as User/DevOps
participant Values as values.yaml
participant Helm as Helm Template Engine
participant RT as Realtime Network Policy
participant Ext as External Database
User->>Values: Configure networkPolicy.egress<br/>with custom rules
User->>Helm: Deploy/upgrade chart
Helm->>RT: Render template with<br/>custom egress rules
Note over RT: Before fix: Custom rules ignored<br/>After fix: Custom rules included
RT->>Ext: Allow egress to external DB<br/>(e.g., PostgreSQL :5432)
Ext-->>RT: Connection successful
![greptile-apps[bot] avatar](https://avatars.githubusercontent.com/in/867647?v=4 "Published by a pub.dev verified publisher"){kind=small}
The latest updates on your projects. Learn more about Vercel for GitHub.
| Project | Deployment | Review | Updated (UTC) |
|---|---|---|---|
| docs |  Ready |
Preview, Comment | Dec 20, 2025 2:47am |