From a1e8d4d36a76250a420c10b8b1ce8ef413ef3bae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Thu, 16 Oct 2025 15:22:35 +0200
Subject: [PATCH] fix(atlantis): Allow openfga egress via svc

---
 .../manifests/network/allow-egress-openfga.yaml   | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 values/atlantis/manifests/network/allow-egress-openfga.yaml

diff --git a/values/atlantis/manifests/network/allow-egress-openfga.yaml b/values/atlantis/manifests/network/allow-egress-openfga.yaml
new file mode 100644
index 00000000..8ae99615
--- /dev/null
+++ b/values/atlantis/manifests/network/allow-egress-openfga.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-egress-openfga
+  namespace: {{ .Release.Namespace }}
+spec:
+  egress:
+  - toEndpoints:
+    - matchLabels:
+        k8s:io.kubernetes.pod.namespace: openfga
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: atlantis
+{{- end }}