summaryrefslogtreecommitdiffstats
path: root/kubernetes/sdnc/values.yaml
diff options
context:
space:
mode:
authorAndrewLamb <andrew.a.lamb@est.tech>2023-05-12 15:37:14 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2023-06-20 06:56:22 +0000
commit7709c1769692d893f88ea61cbe4e54e377b72829 (patch)
treeaf2d13d2dfb1a83b8d612010bcc2a36b6980c329 /kubernetes/sdnc/values.yaml
parent351be1d7603428a807d1e78073ce679b5d713419 (diff)
[SDNC] Create Authorization Policies for SDNC
Add initial authorized serviceaccounts for each SDNC service Issue-ID: OOM-3131 Change-Id: I56db8f5d16ec15400fdd240c5a0126e2381f7237 Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
Diffstat (limited to 'kubernetes/sdnc/values.yaml')
-rw-r--r--kubernetes/sdnc/values.yaml20
1 files changed, 20 insertions, 0 deletions
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index f02bc0b3b0..ee8b2e5c30 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -586,6 +586,26 @@ ingress:
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: a1policymanagement-read
+ - serviceAccount: cds-blueprints-processor-read
+ - serviceAccount: consul-read
+ - serviceAccount: ncmp-dmi-plugin-read
+ - serviceAccount: policy-drools-pdp-read
+ - serviceAccount: robot-read
+ - serviceAccount: sdnc-ansible-server-read
+ - serviceAccount: sdnc-dmaap-listener-read
+ - serviceAccount: sdnc-prom-read
+ - serviceAccount: sdnc-ueb-listener-read
+ - serviceAccount: sdnc-web-read
+ - serviceAccount: so-sdnc-adapter-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+ authorizedPrincipalsSdnHosts:
+ - serviceAccount: sdnc-read
+
#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)