commit 0e7c7fe013116e78e9b2bb2725621e528155b26a
author AndrewLamb <andrew.a.lamb@est.tech> Wed May 17 14:13:54 2023 +0100
committer Andreas Geissler <andreas-geissler@telekom.de> Fri May 26 06:51:01 2023 +0000
tree e86ce2bcfc83ce8fcd3862f9718a2bdbb62efedc
parent 7258874e2d9a2d21bf017b1dd6276bb0399151be

[AAI] Create Authorization Policies for AAI

- Create Authorization Policies for AAI
- Add initial authorized serviceAccounts for each sub-component service

Issue-ID: OOM-3126
Change-Id: Ic7fdaf595ae3534805a39859fe8e02b81999bef3
Signed-off-by: amatthews <adrian.matthews@est.tech>
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>

kubernetes/aai/components/aai-sparky-be/values.yaml

diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index 8ec4553..7fe0a62 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -95,6 +95,12 @@
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
 podAnnotations:
   sidecar.istio.io/rewriteAppHTTPProbers: "false"