From bd6ff6b619dc497cd08946541d2fda7f89684357 Mon Sep 17 00:00:00 2001
From: AndrewLamb <andrew.a.lamb@est.tech>
Date: Thu, 4 May 2023 15:56:49 +0100
Subject: [DCAEGEN2] Create Authorization Policies for DCAE

Add initial authorized serviceaccounts for each sub component service

Issue-ID: OOM-3132
Change-Id: I984d5aef78836e066d800bf739619f556f9adbfe
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
---
 .../components/dcae-slice-analysis-ms/values.yaml                  | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml')

diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index 065c19b222..6eda4836e6 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -100,6 +100,13 @@ service:
       port: 8080
       port_protocol: http
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+    authorizedPrincipalsPostgres:
+      - serviceAccount: dcae-slice-analysis-ms-read
+
 credentials:
 - name: PG_USERNAME
   uid:  *pgUserCredsSecretUid
-- 
cgit 1.2.3-korg