From 7ef78aefe4cf6dba1e14add5602f4df55862c9b4 Mon Sep 17 00:00:00 2001
From: AndrewLamb <andrew.a.lamb@est.tech>
Date: Thu, 20 Apr 2023 16:24:13 +0100
Subject: [POLICY][COMMON] Create Authorization Policies for Policy

Policy- Add initial authorized serviceaccounts for each sub component service
Common- Change authorizationpolicy to match on the label app

Issue-ID: OOM-3139
Change-Id: I411877b933d6dfcbdee633f1440d16c9658438e5
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
---
 kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml')

diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index 0ec4be4726..cb73314f1d 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -119,6 +119,12 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+      - serviceAccount: policy-gui-read
+
 flavor: small
 resources:
   small:
-- 
cgit 1.2.3-korg