spec:
selector:
matchLabels:
- app.kubernetes.io/name: <app-to-match> ("app.kubernetes.io/name" corresponds to key defined in "common.labels", which is included in "common.service")
+ app: <app-to-match> ("app" corresponds to a key defined in "common.labels", which is included in "common.service")
If common.useAuthorizationPolicies returns false:
- Will create an authorization policy without rules, i.e., an allow-all policy
+ Will not create an authorization policy
*/}}
{{- define "common.authorizationPolicy" -}}
{{- $dot := default . .dot -}}
{{- $authorizedPrincipals := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipals -}}
{{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}}
{{- $relName := include "common.release" . -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
spec:
selector:
matchLabels:
- app.kubernetes.io/name: {{ include "common.servicename" . }}
+ app: {{ include "common.name" . }}
action: ALLOW
rules:
-{{- if (include "common.useAuthorizationPolicies" .) }}
{{- if $authorizedPrincipals }}
{{- range $principal := $authorizedPrincipals }}
- from:
{{- end }}
{{- end }}
{{- end }}
-{{- else }}
- - {}
{{- end }}
{{- end -}}
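Review bot: The new `matchLabels` entry changes both the label key (`app` instead of `app.kubernetes.io/name`) and the value helper (`common.name` instead of `common.servicename`), and nothing in the visible lines confirms that the pods carry that exact label. An AuthorizationPolicy whose selector matches no pod is still accepted and simply applies to nothing, so a mismatch would silently leave the workload without the intended ALLOW restriction instead of failing at install time. `common.labels` and the pod template are outside this hunk, so it is worth checking that they emit `app` with the `common.name` value, and recording the dependency next to the selector, for example `{{/* must equal the app label set by common.labels; a non-matching selector applies the policy to no workload */}}`. Separately, with the `else` branch removed, a disabled `common.useAuthorizationPolicies` now renders no policy, which matches the old `- {}` allow-all only if no namespace-wide or mesh-wide ALLOW policy covers the workload; the header comment could say so in one sentence. Parts of the template (the `metadata:` body and the inside of the `range`) are not shown here, so the rule body itself was not reviewed.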