Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / b304a32a48e14ccc3f179e333a124588700bf1a4^! / . / kubernetes / sdc / components / sdc-fe / values.yaml
commitb304a32a48e14ccc3f179e333a124588700bf1a4[log] [tgz]
authorAndrewLamb <andrew.a.lamb@est.tech>Tue Apr 11 17:05:54 2023 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>Mon Apr 17 12:43:56 2023 +0000
treee82bb7301c43afcb78ad96102b7e9f7b32f8bec7
parent85754da94688be3859eabcef0fd6e8c5352f478f [diff] [blame]
[SDC] Create Authorization Policies for SDC

- Create Authoriation Policies for SDC
- Add in initial authorized serviceaccounts for each sub component service

Issue-ID: OOM-3127
Change-Id: I6e1ce0173028bf75ae3696b29fae80250731dc94
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>

diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index ca8b42a..6298737 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml

@@ -108,6 +108,14 @@
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: consul-read
+      - serviceAccount: consul-server-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)