diff options
Diffstat (limited to 'deployments/helm/servicemesh/policy/templates')
| -rw-r--r-- | deployments/helm/servicemesh/policy/templates/_helpers.tpl | 25 | ||||
| -rw-r--r-- | deployments/helm/servicemesh/policy/templates/policy.yaml | 33 |
2 files changed, 58 insertions, 0 deletions
diff --git a/deployments/helm/servicemesh/policy/templates/_helpers.tpl b/deployments/helm/servicemesh/policy/templates/_helpers.tpl new file mode 100644 index 00000000..5516ee45 --- /dev/null +++ b/deployments/helm/servicemesh/policy/templates/_helpers.tpl @@ -0,0 +1,25 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/deployments/helm/servicemesh/policy/templates/policy.yaml b/deployments/helm/servicemesh/policy/templates/policy.yaml new file mode 100644 index 00000000..fa51cedf --- /dev/null +++ b/deployments/helm/servicemesh/policy/templates/policy.yaml @@ -0,0 +1,33 @@ +{{/* +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: "authentication.istio.io/v1alpha1" +kind: "Policy" +metadata: + name: {{ template "fullname" . }} + namespace: istio-system + labels: + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} +spec: + targets: + - name: {{ .Values.targetservice }} + peers: + - mtls: {} + origins: + - jwt: + issuer: {{ .Values.jwtissuer }} + jwksUri: {{ .Values.jwksUri }} + principalBinding: USE_ORIGIN |