From 7ef78aefe4cf6dba1e14add5602f4df55862c9b4 Mon Sep 17 00:00:00 2001
From: AndrewLamb <andrew.a.lamb@est.tech>
Date: Thu, 20 Apr 2023 16:24:13 +0100
Subject: [POLICY][COMMON] Create Authorization Policies for Policy

Policy- Add initial authorized serviceaccounts for each sub component service
Common- Change authorizationpolicy to match on the label app

Issue-ID: OOM-3139
Change-Id: I411877b933d6dfcbdee633f1440d16c9658438e5
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
---
 kubernetes/policy/components/policy-gui/values.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'kubernetes/policy/components/policy-gui/values.yaml')

diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 5e48e99d7a..a6ddd205d9 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -89,7 +89,13 @@ ingress:
   config:
     ssl: "redirect"
 
-#resources: {}
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
+  #resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
-- 
cgit 1.2.3-korg