From b304a32a48e14ccc3f179e333a124588700bf1a4 Mon Sep 17 00:00:00 2001
From: AndrewLamb <andrew.a.lamb@est.tech>
Date: Tue, 11 Apr 2023 17:05:54 +0100
Subject: [SDC] Create Authorization Policies for SDC

- Create Authoriation Policies for SDC
- Add in initial authorized serviceaccounts for each sub component service

Issue-ID: OOM-3127
Change-Id: I6e1ce0173028bf75ae3696b29fae80250731dc94
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
---
 kubernetes/sdc/components/sdc-be/values.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'kubernetes/sdc/components/sdc-be/values.yaml')

diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index a0a04887ae..adf4b3e04e 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -134,6 +134,20 @@ ingress:
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: consul-read
+      - serviceAccount: consul-server-read
+      - serviceAccount: modeling-etsicatalog-read
+      - serviceAccount: nbi-read
+      - serviceAccount: oof-has-read
+      - serviceAccount: portal-db-read
+      - serviceAccount: so-cnfm-lcm-read
+      - serviceAccount: so-etsi-sol003-adapter-read
+      - serviceAccount: so-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
 
 # Resource Limit flavor -By Default using small
 flavor: small
-- 
cgit 1.2.3-korg