[DCAEGEN2] Create Authorization Policies for DCAE Add initial authorized serviceaccounts for each sub component service Issue-ID: OOM-3132 Change-Id: I984d5aef78836e066d800bf739619f556f9adbfe Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>

commit: bd6ff6b619dc497cd08946541d2fda7f89684357 [log] [tgz]
author: AndrewLamb <andrew.a.lamb@est.tech> Thu May 04 15:56:49 2023 +0100
committer: Andreas Geissler <andreas-geissler@telekom.de> Fri May 26 06:51:30 2023 +0000
tree: c4741a0a33ef962f869a53c2b5f99e046574ce37
parent: 7258874e2d9a2d21bf017b1dd6276bb0399151be [diff] [blame]
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index 7c6b3e9..ee21e10 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml

@@ -125,6 +125,14 @@
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: dcae-pm-mapper-read
+      - serviceAccount: message-router-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
 # Data Router Publisher Credentials
 drPubscriberCreds:
   username: username
commit	bd6ff6b619dc497cd08946541d2fda7f89684357	[log] [tgz]
author	AndrewLamb <andrew.a.lamb@est.tech>	Thu May 04 15:56:49 2023 +0100
committer	Andreas Geissler <andreas-geissler@telekom.de>	Fri May 26 06:51:30 2023 +0000
tree	c4741a0a33ef962f869a53c2b5f99e046574ce37
parent	7258874e2d9a2d21bf017b1dd6276bb0399151be [diff] [blame]