UNCLASSIFIED - NO CUI

Add Sidecar and ServiceEntries for Authservice

General MR

Summary

This MR introduces a Sidecar and a set of ServiceEntries for Authservice when istio.enabled: true and istio.hardened.enabled: true. This is in support of big-bang&160 (closed).

Additionally, during testing it was discovered that the AuthorizationPolicy previously added was preventing Authservice from talking to its redis component, due to an invalid labelSelector. This has been fixed.

Linked Issue

issue

Upgrade Notices

A Sidecar resource has been added to the Kiali namespace that disallows egress to endpoints that are not part of the Istio service registry (a.k.a. REGISTRY_ONLY). The Sidecar's outboundTrafficPolicy.mode can, however, be set to something other than REGISTRY_ONLY by setting istio.hardened.outboundTrafficPolicyMode. This provides a redundant layer of network security in addition to NetworkPolicies. The Sidecar is disabled by default and is enabled by setting istio.enabled: true and istio.hardened.enabled: true.

Additionally, custom ServiceEntries can be created by populating the istio.hardened.customServiceEntries list.
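For readers unfamiliar with the resources this MR adds, the following is an added illustration of what a rendered hardened Sidecar, a companion ServiceEntry, and a correctly-selecting AuthorizationPolicy look like. It is not the chart's own template or the manifests from this MR: the namespace `authservice`, the pod labels, the service account name, the Keycloak host and the Redis port are all assumptions chosen for the example.

```yaml
# Added example, not the Big Bang chart's template. All names, labels and hosts are assumed.
# Sidecar: restricts the authservice proxy's egress to the Istio service registry.
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
  name: authservice-sidecar
  namespace: authservice                      # assumed namespace
spec:
  workloadSelector:
    labels:
      app.kubernetes.io/name: authservice     # assumed pod label
  egress:
    - hosts:
        - "./*"                               # services in the same namespace (e.g. redis)
        - "istio-system/*"                    # control plane and gateways
  outboundTrafficPolicy:
    mode: REGISTRY_ONLY                       # what istio.hardened.outboundTrafficPolicyMode would set
---
# ServiceEntry: the only way an external host is reachable under REGISTRY_ONLY
# is to register it explicitly; this is what istio.hardened.customServiceEntries would render.
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: authservice-keycloak
  namespace: authservice
spec:
  hosts:
    - keycloak.example.mil                    # assumed external identity provider
  location: MESH_EXTERNAL
  resolution: DNS
  ports:
    - number: 443
      name: https
      protocol: TLS
  exportTo:
    - "."                                     # visible to this namespace only
---
# AuthorizationPolicy: selector.matchLabels must match the redis pods' labels exactly;
# a selector that matches nothing (or the wrong workload) is the class of mistake this MR fixes.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: redis-allow-authservice
  namespace: authservice
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: authservice-redis   # assumed label on the redis pods
  action: ALLOW
  rules:
    - from:
        - source:
            principals:
              - cluster.local/ns/authservice/sa/authservice   # assumed service account
      to:
        - operation:
            ports: ["6379"]                   # assumed redis port
```

After applying, `istioctl analyze -n authservice` flags selectors that match no workload, and `istioctl proxy-config cluster <authservice-pod> -n authservice` lists the clusters the proxy knows about, which under REGISTRY_ONLY should include the ServiceEntry host and nothing outside the registry.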

Closes #87 (closed)

Edited by Tim Seagren
