X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2Fcommon%2Ftemplates%2F_serviceMesh.tpl;h=a3d269e4f28bf1fa76da38c02a3756d73c06f276;hb=7ef78aefe4cf6dba1e14add5602f4df55862c9b4;hp=fe2424cc85b24f30ef48154ccd7539b6bc68a086;hpb=11e85382bc62797ea511a42b1bd647772129c0d7;p=oom.git diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl index fe2424cc85..a3d269e4f2 100644 --- a/kubernetes/common/common/templates/_serviceMesh.tpl +++ b/kubernetes/common/common/templates/_serviceMesh.tpl @@ -95,10 +95,10 @@ true spec: selector: matchLabels: - app.kubernetes.io/name: ("app.kubernetes.io/name" corresponds to key defined in "common.labels", which is included in "common.service") + app: ("app" corresponds to a key defined in "common.labels", which is included in "common.service") If common.useAuthorizationPolicies returns false: - Will create an authorization policy without rules, i.e., an allow-all policy + Will not create an authorization policy */}} {{- define "common.authorizationPolicy" -}} {{- $dot := default . .dot -}} @@ -106,6 +106,7 @@ true {{- $authorizedPrincipals := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipals -}} {{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}} {{- $relName := include "common.release" . -}} +{{- if (include "common.useAuthorizationPolicies" .) }} apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: @@ -114,10 +115,9 @@ metadata: spec: selector: matchLabels: - app.kubernetes.io/name: {{ include "common.servicename" . }} + app: {{ include "common.servicename" . }} action: ALLOW rules: -{{- if (include "common.useAuthorizationPolicies" .) }} {{- if $authorizedPrincipals }} {{- range $principal := $authorizedPrincipals }} - from: @@ -143,7 +143,5 @@ spec: {{- end }} {{- end }} {{- end }} -{{- else }} - - {} {{- end }} {{- end -}}