[SDC] Create Authorization Policies for SDC
- Create Authoriation Policies for SDC
- Add in initial authorized serviceaccounts for each sub component service
Issue-ID: OOM-3127
Change-Id: I6e1ce0173028bf75ae3696b29fae80250731dc94
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/authorizationpolicy.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000..7158c02
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
index b6735a4..1774e33 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -116,6 +116,14 @@
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: sdc-wfd-fe-read
+ - serviceAccount: so-sdc-controller-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
# Resource Limit flavor -By Default using small
# Segregation for Different environment (Small and Large)
flavor: small