[DCAEGEN2] Create Authorization Policies for DCAE Add initial authorized serviceaccounts for each sub component service Issue-ID: OOM-3132 Change-Id: I984d5aef78836e066d800bf739619f556f9adbfe Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>

commit: bd6ff6b619dc497cd08946541d2fda7f89684357 [log] [tgz]
author: AndrewLamb <andrew.a.lamb@est.tech> Thu May 04 15:56:49 2023 +0100
committer: Andreas Geissler <andreas-geissler@telekom.de> Fri May 26 06:51:30 2023 +0000
tree: c4741a0a33ef962f869a53c2b5f99e046574ce37
parent: 7258874e2d9a2d21bf017b1dd6276bb0399151be [diff] [blame]
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
index f6782db..90d7e16 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml

@@ -82,6 +82,13 @@
       plain_port: 8080
       port_protocol: http
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+    authorizedPrincipalsPostgres:
+      - serviceAccount: dcae-pmsh-read
+
 # Initial Application Configuration
 applicationConfig:
   enable_tls: false
commit	bd6ff6b619dc497cd08946541d2fda7f89684357	[log] [tgz]
author	AndrewLamb <andrew.a.lamb@est.tech>	Thu May 04 15:56:49 2023 +0100
committer	Andreas Geissler <andreas-geissler@telekom.de>	Fri May 26 06:51:30 2023 +0000
tree	c4741a0a33ef962f869a53c2b5f99e046574ce37
parent	7258874e2d9a2d21bf017b1dd6276bb0399151be [diff] [blame]