From ab2704a6f5a9ce2031cca03bc610b0e7c02553df Mon Sep 17 00:00:00 2001
From: AndrewLamb <andrew.a.lamb@est.tech>
Date: Wed, 5 Apr 2023 14:45:11 +0100
Subject: [SO] Create Authorization Policies for SO

- Create Authoriation Policies for SO
- Add in initial authorized serviceaccounts for each sub component service

Issue-ID: OOM-3128
Change-Id: Id18b7bb6cdb180b1173966e797032118b5b20621
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
---
 kubernetes/so/components/so-bpmn-infra/values.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'kubernetes/so/components/so-bpmn-infra/values.yaml')

diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index 2fc9646c1d..c53741a3a3 100755
--- a/kubernetes/so/components/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml
@@ -158,6 +158,16 @@ livenessProbe:
   failureThreshold: 3
 ingress:
   enabled: false
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: robot-read
+      - serviceAccount: so-admin-cockpit-read
+      - serviceAccount: so-oof-adapter-read
+      - serviceAccount: so-openstack-adapter-read
+      - serviceAccount: so-read
+      - serviceAccount: so-sdc-controller-read
+      - serviceAccount: so-sdnc-adapter-read
 nodeSelector: {}
 tolerations: []
 affinity: {}
-- 
cgit 1.2.3-korg