Description

This pull request adds a top-level networkPolicies value for defining arbitrary Kubernetes NetworkPolicy resources through the chart, giving cluster operators control over ingress/egress traffic to deployed components. It is a map keyed by policy name. Each entry renders one NetworkPolicy: the chart owns apiVersion, kind, metadata.name, labels and namespace; the spec renders verbatim. Helm templating works in keys and values, so policies can target any namespace and any pods.

It also deprecates forge.projectNetworkPolicy in favour of the new value. The old block still works unchanged; a deprecation notice via NOTES.txt, the README, and the values schema guides migration. No removal scheduled.

Related Issue(s)

Closes #946

Checklist

• I have read the contribution guidelines
• Suitable unit/system level tests have been added and they pass
• Documentation has been updated
  • Upgrade instructions
  • Configuration details
  • Concepts
• Changes flowforge.yml?
  • Issue/PR raised on FlowFuse/helm to update ConfigMap Template
  • Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production
• Link to Changelog Entry PR, or note why one is not needed.

Labels

• Includes a DB migration? -> add the area:migration label