[SDNC] Create Authorization Policies for SDNC

Add initial authorized serviceaccounts for each SDNC service

Issue-ID: OOM-3131
Change-Id: I56db8f5d16ec15400fdd240c5a0126e2381f7237
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>

1 files changed, 20 insertions, 0 deletions

diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index f02bc0b3b0..ee8b2e5c30 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -586,6 +586,26 @@ ingress:
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: a1policymanagement-read
+      - serviceAccount: cds-blueprints-processor-read
+      - serviceAccount: consul-read
+      - serviceAccount: ncmp-dmi-plugin-read
+      - serviceAccount: policy-drools-pdp-read
+      - serviceAccount: robot-read
+      - serviceAccount: sdnc-ansible-server-read
+      - serviceAccount: sdnc-dmaap-listener-read
+      - serviceAccount: sdnc-prom-read
+      - serviceAccount: sdnc-ueb-listener-read
+      - serviceAccount: sdnc-web-read
+      - serviceAccount: so-sdnc-adapter-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+    authorizedPrincipalsSdnHosts:
+      - serviceAccount: sdnc-read
+
 #Resource Limit flavor -By Default using small
 flavor: small
 #segregation for different envionment (Small and Large)