ricoberger / vault-secrets-operator

Create Kubernetes secrets from Vault for a secure GitOps based workflow.
MIT License

feat: add network policy #151

Closed ScOut3R closed 2 years ago

ScOut3R commented 2 years ago

Considering the sensitive nature of the data passing through the controller I thought the ability to restrict egress would be welcomed.

If I understand it correctly, the controller only needs access to the DNS resolver and Vault itself, but the template allows a flexible egress configuration.

I wasn't sure how to reflect the change in the chart's version since it seems to be tied to the application's version.

Please let me know if further changes are required.

ricoberger commented 2 years ago

Hi @ScOut3R thanks for your contribution 🙂. I would trigger a new release after the PR is merged, so there is nothing needed from your side.

Would it make sense to also allow customizing the egress ports section?

I was thinking about a use case where Vault is running in the same cluster as the operator and the operator tries to access Vault via the cluster internal url, e.g. http://vault.vault.svc.cluster.local:8200

ScOut3R commented 2 years ago

Thank you for the feedback @ricoberger! I have extended the example in values.yaml to indicate that a port can be specified. If it is omitted, then every port and protocol will be allowed. It's a very flexible setup where the user can supply the egress rule according to the NetworkPolicy resource; there are no limitations or assumptions.
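The kind of rendered NetworkPolicy this discussion is about, restricting the operator's egress to cluster DNS and an in-cluster Vault on port 8200, as an added example that is not the chart's template or anything from this PR. It assumes an operator namespace `vault-secrets-operator` with pod label `app.kubernetes.io/name=vault-secrets-operator`, Vault in namespace `vault` with pod label `app.kubernetes.io/name=vault`, cluster DNS in `kube-system` labelled `k8s-app=kube-dns`, and a cluster that sets the `kubernetes.io/metadata.name` namespace label.

```yaml
# Added example (not the chart's own template). All names, namespaces and
# labels below are assumptions; adjust them to the cluster.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: vault-secrets-operator-egress
  namespace: vault-secrets-operator
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: vault-secrets-operator
  policyTypes:
    - Egress          # only egress is restricted; ingress is untouched
  egress:
    # 1. Cluster DNS, so the Vault service name still resolves.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # 2. Vault itself, e.g. http://vault.vault.svc.cluster.local:8200.
    #    Leaving out the "ports" list here would allow every port and
    #    protocol to the selected Vault pods, which is the behaviour the
    #    values.yaml example describes when no port is given.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: vault
          podSelector:
            matchLabels:
              app.kubernetes.io/name: vault
      ports:
        - protocol: TCP
          port: 8200
```

Because the operator also watches its custom resources and writes Secrets through the Kubernetes API server, an additional egress rule for the API server endpoint is needed in practice; its address is cluster specific, so it is not included above.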

ricoberger commented 2 years ago

Ah nice, thank you 🙂