Fix for: no matches for kind AuthorizationPolicy, when trying to
install on deployment with no istio.
Issue-ID: OOM-3163
Change-Id: I3e0be55d78e6c88655eeaf267c25b8e6747c5b3c
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
app.kubernetes.io/name: <app-to-match> ("app.kubernetes.io/name" corresponds to key defined in "common.labels", which is included in "common.service")
If common.useAuthorizationPolicies returns false:
app.kubernetes.io/name: <app-to-match> ("app.kubernetes.io/name" corresponds to key defined in "common.labels", which is included in "common.service")
If common.useAuthorizationPolicies returns false:
- Will create an authorization policy without rules, i.e., an allow-all policy
+ Will not create an authorization policy
*/}}
{{- define "common.authorizationPolicy" -}}
{{- $dot := default . .dot -}}
*/}}
{{- define "common.authorizationPolicy" -}}
{{- $dot := default . .dot -}}
{{- $authorizedPrincipals := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipals -}}
{{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}}
{{- $relName := include "common.release" . -}}
{{- $authorizedPrincipals := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipals -}}
{{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}}
{{- $relName := include "common.release" . -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
app.kubernetes.io/name: {{ include "common.servicename" . }}
action: ALLOW
rules:
app.kubernetes.io/name: {{ include "common.servicename" . }}
action: ALLOW
rules:
-{{- if (include "common.useAuthorizationPolicies" .) }}
{{- if $authorizedPrincipals }}
{{- range $principal := $authorizedPrincipals }}
- from:
{{- if $authorizedPrincipals }}
{{- range $principal := $authorizedPrincipals }}
- from:
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}