From 0e7c7fe013116e78e9b2bb2725621e528155b26a Mon Sep 17 00:00:00 2001
From: AndrewLamb <andrew.a.lamb@est.tech>
Date: Wed, 17 May 2023 14:13:54 +0100
Subject: [AAI] Create Authorization Policies for AAI

- Create Authorization Policies for AAI
- Add initial authorized serviceAccounts for each sub-component service

Issue-ID: OOM-3126
Change-Id: Ic7fdaf595ae3534805a39859fe8e02b81999bef3
Signed-off-by: amatthews <adrian.matthews@est.tech>
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
---
 kubernetes/aai/components/aai-traversal/values.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'kubernetes/aai/components/aai-traversal/values.yaml')

diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index 106b44070c..fac033bd90 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -228,6 +228,12 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: aai-read
+      - serviceAccount: consul-read
+
 # To make logback capping values configurable
 logback:
   logToFileEnabled: true
-- 
cgit 1.2.3-korg