[SO] Create Authorization Policies for SO - Create Authoriation Policies for SO - Add in initial authorized serviceaccounts for each sub component service Issue-ID: OOM-3128 Change-Id: Id18b7bb6cdb180b1173966e797032118b5b20621 Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>

commit: ab2704a6f5a9ce2031cca03bc610b0e7c02553df [log] [tgz]
author: AndrewLamb <andrew.a.lamb@est.tech> Wed Apr 05 14:45:11 2023 +0100
committer: Andreas Geissler <andreas-geissler@telekom.de> Fri Apr 21 07:24:03 2023 +0000
tree: 244045cf14be9d9b69d64ee4840ecd26571230f2
parent: 9d4d923694a16dfe53adf262091eba61e4a3cb56 [diff] [blame]
diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index 2fc9646..c53741a 100755
--- a/kubernetes/so/components/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml

@@ -158,6 +158,16 @@
   failureThreshold: 3
 ingress:
   enabled: false
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: robot-read
+      - serviceAccount: so-admin-cockpit-read
+      - serviceAccount: so-oof-adapter-read
+      - serviceAccount: so-openstack-adapter-read
+      - serviceAccount: so-read
+      - serviceAccount: so-sdc-controller-read
+      - serviceAccount: so-sdnc-adapter-read
 nodeSelector: {}
 tolerations: []
 affinity: {}
commit	ab2704a6f5a9ce2031cca03bc610b0e7c02553df	[log] [tgz]
author	AndrewLamb <andrew.a.lamb@est.tech>	Wed Apr 05 14:45:11 2023 +0100
committer	Andreas Geissler <andreas-geissler@telekom.de>	Fri Apr 21 07:24:03 2023 +0000
tree	244045cf14be9d9b69d64ee4840ecd26571230f2
parent	9d4d923694a16dfe53adf262091eba61e4a3cb56 [diff] [blame]