[SDC] Create Authorization Policies for SDC - Create Authoriation Policies for SDC - Add in initial authorized serviceaccounts for each sub component service Issue-ID: OOM-3127 Change-Id: I6e1ce0173028bf75ae3696b29fae80250731dc94 Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>

commit: b304a32a48e14ccc3f179e333a124588700bf1a4 [log] [tgz]
author: AndrewLamb <andrew.a.lamb@est.tech> Tue Apr 11 17:05:54 2023 +0100
committer: Andreas Geissler <andreas-geissler@telekom.de> Mon Apr 17 12:43:56 2023 +0000
tree: e82bb7301c43afcb78ad96102b7e9f7b32f8bec7
parent: 85754da94688be3859eabcef0fd6e8c5352f478f [diff] [blame]
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index a0a0488..adf4b3e 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml

@@ -134,6 +134,20 @@
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: consul-read
+      - serviceAccount: consul-server-read
+      - serviceAccount: modeling-etsicatalog-read
+      - serviceAccount: nbi-read
+      - serviceAccount: oof-has-read
+      - serviceAccount: portal-db-read
+      - serviceAccount: so-cnfm-lcm-read
+      - serviceAccount: so-etsi-sol003-adapter-read
+      - serviceAccount: so-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
 
 # Resource Limit flavor -By Default using small
 flavor: small
commit	b304a32a48e14ccc3f179e333a124588700bf1a4	[log] [tgz]
author	AndrewLamb <andrew.a.lamb@est.tech>	Tue Apr 11 17:05:54 2023 +0100
committer	Andreas Geissler <andreas-geissler@telekom.de>	Mon Apr 17 12:43:56 2023 +0000
tree	e82bb7301c43afcb78ad96102b7e9f7b32f8bec7
parent	85754da94688be3859eabcef0fd6e8c5352f478f [diff] [blame]