Resolve "Implement Istio Authorization Policies"
General MR
Summary
Adds istio authorization policies to the elasticsearch kibana package.
Relevant logs/screenshots
Use the following overrides to deploy the full stack and ensure all dependent packages start.
eckOperator:
# -- Toggle deployment of ECK Operator.
enabled: true
git:
repo: https://repo1.dso.mil/big-bang/product/packages/eck-operator.git
tag: null
branch: "42-implement-istio-authorization-policies"
values:
istio:
enabled: true
hardened:
enabled: true
elasticsearchKibana:
enabled: true
git:
repo: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
tag: null
branch: "93-implement-istio-authorization-policies"
values:
istio:
# -- Toggle istio interaction.
enabled: true
hardened:
enabled: true
customAuthorizationPolicies: []
# - name: "allow-nothing"
# enabled: true
# spec: {}
prometheus:
enabled: false
namespaces:
- monitoring
principals:
- cluster.local/ns/monitoring/sa/monitoring-grafana
- cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager
- cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator
- cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus
- cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics
- cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter
fluentbit:
enabled: false
namespaces:
- fluentbit
principals:
- cluster.local/ns/fluentbit/sa/fluentbit-fluent-bit
elasticOperator:
enabled: true
namespaces:
- eck-operator
principals:
- cluster.local/ns/eck-operator/sa/elastic-operator
mattermost:
enabled: false
namespaces:
- mattermost
principals:
- cluster.local/ns/mattermost/sa/mattermost
jaeger:
enabled: false
namespaces:
- jaeger
principals:
- cluster.local/ns/jaeger/sa/jaeger
- cluster.local/ns/jaeger/sa/jaeger-instance
- cluster.local/ns/jaeger/sa/default
monitoring:
enabled: true
sso:
enabled: true
prometheus:
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-prometheus
alertmanager:
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-alertmanager
kiali:
enabled: true
sso:
enabled: true
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kiali
values:
image:
tag: v1.78.0@sha256:d8b8e5253540c0e78042dfc689acd61dd3add8260a760e7e9fb6a300731d0866
jaeger:
enabled: true
sso:
enabled: true
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_jaeger
values:
istio:
jaeger:
enabled: true
elasticsearch:
enabled: true
grafana:
enabled: true
fluentbit:
enabled: true
Linked Issue
Upgrade Notices
N/A
Edited by Jimmy Ungerman