Merge "[SDNC] Create Authorization Policies for SDNC"

author: Andreas Geissler <andreas-geissler@telekom.de> 2023-06-20 09:06:01 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2023-06-20 09:06:01 +0000
commit: 0daa656106b6e0354fb7d8c284657f6f4be58647 (patch)
tree: c63ddd0849d0e9779a8c3587d711ccd3a858c5e6 /kubernetes/sdnc/values.yaml
parent: c13a17b46717fb942bdd9d57ce7c37b02d65d304 (diff)
parent: 7709c1769692d893f88ea61cbe4e54e377b72829 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index f02bc0b3b0..ee8b2e5c30 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -586,6 +586,26 @@ ingress:
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: a1policymanagement-read
+      - serviceAccount: cds-blueprints-processor-read
+      - serviceAccount: consul-read
+      - serviceAccount: ncmp-dmi-plugin-read
+      - serviceAccount: policy-drools-pdp-read
+      - serviceAccount: robot-read
+      - serviceAccount: sdnc-ansible-server-read
+      - serviceAccount: sdnc-dmaap-listener-read
+      - serviceAccount: sdnc-prom-read
+      - serviceAccount: sdnc-ueb-listener-read
+      - serviceAccount: sdnc-web-read
+      - serviceAccount: so-sdnc-adapter-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+    authorizedPrincipalsSdnHosts:
+      - serviceAccount: sdnc-read
+
 #Resource Limit flavor -By Default using small
 flavor: small
 #segregation for different envionment (Small and Large)
author	Andreas Geissler <andreas-geissler@telekom.de>	2023-06-20 09:06:01 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2023-06-20 09:06:01 +0000
commit	0daa656106b6e0354fb7d8c284657f6f4be58647 (patch)
tree	c63ddd0849d0e9779a8c3587d711ccd3a858c5e6 /kubernetes/sdnc/values.yaml
parent	c13a17b46717fb942bdd9d57ce7c37b02d65d304 (diff)
parent	7709c1769692d893f88ea61cbe4e54e377b72829 (diff)