X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2Fcommon%2Ftemplates%2F_serviceMesh.tpl;h=de779f8db85dbfe6f298b09c9daeed99bfdc1738;hb=d4ac226bd9a94cf3339a8308e59c69f77404c489;hp=fe2424cc85b24f30ef48154ccd7539b6bc68a086;hpb=c58d4c29d0d55e0720145b1ef59f1d9dbc0a6e46;p=oom.git diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl index fe2424cc85..de779f8db8 100644 --- a/kubernetes/common/common/templates/_serviceMesh.tpl +++ b/kubernetes/common/common/templates/_serviceMesh.tpl @@ -95,10 +95,10 @@ true spec: selector: matchLabels: - app.kubernetes.io/name: ("app.kubernetes.io/name" corresponds to key defined in "common.labels", which is included in "common.service") + app: ("app" corresponds to a key defined in "common.labels", which is included in "common.service") If common.useAuthorizationPolicies returns false: - Will create an authorization policy without rules, i.e., an allow-all policy + Will not create an authorization policy */}} {{- define "common.authorizationPolicy" -}} {{- $dot := default . .dot -}} @@ -106,6 +106,7 @@ true {{- $authorizedPrincipals := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipals -}} {{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}} {{- $relName := include "common.release" . -}} +{{- if (include "common.useAuthorizationPolicies" .) }} apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: @@ -114,10 +115,9 @@ metadata: spec: selector: matchLabels: - app.kubernetes.io/name: {{ include "common.servicename" . }} + app: {{ include "common.name" . }} action: ALLOW rules: -{{- if (include "common.useAuthorizationPolicies" .) }} {{- if $authorizedPrincipals }} {{- range $principal := $authorizedPrincipals }} - from: @@ -143,7 +143,5 @@ spec: {{- end }} {{- end }} {{- end }} -{{- else }} - - {} {{- end }} {{- end -}}