commit ab2704a6f5a9ce2031cca03bc610b0e7c02553df
author AndrewLamb <andrew.a.lamb@est.tech> Wed Apr 05 14:45:11 2023 +0100
committer Andreas Geissler <andreas-geissler@telekom.de> Fri Apr 21 07:24:03 2023 +0000
tree 244045cf14be9d9b69d64ee4840ecd26571230f2
parent 9d4d923694a16dfe53adf262091eba61e4a3cb56

[SO] Create Authorization Policies for SO

- Create Authoriation Policies for SO
- Add in initial authorized serviceaccounts for each sub component service

Issue-ID: OOM-3128
Change-Id: Id18b7bb6cdb180b1173966e797032118b5b20621
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>

kubernetes/so/components/so-cnfm-lcm/values.yaml

diff --git a/kubernetes/so/components/so-cnfm-lcm/values.yaml b/kubernetes/so/components/so-cnfm-lcm/values.yaml
index 9cb7483..6dbb0a0 100644
--- a/kubernetes/so/components/so-cnfm-lcm/values.yaml
+++ b/kubernetes/so/components/so-cnfm-lcm/values.yaml
@@ -119,6 +119,13 @@
   config:
     ssl: 'redirect'
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: so-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
 nodeSelector: {}
 
 tolerations: []