
Resolve "Implement Istio Authorization Policies"

Brett Charrier requested to merge 58-implement-istio-authorization-policies into main

General MR

Summary

Implement Istio Authorization Policies

Closes #58 (closed)

Overrides:

eckOperator:
  # -- Toggle deployment of ECK Operator.
  enabled: true
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/eck-operator.git
    tag: null
    branch: "42-implement-istio-authorization-policies"
  values:
    istio:
      enabled: true
      hardened:
        enabled: true

elasticsearchKibana:
  enabled: true
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
    tag: "1.8.0-bb.1"
  sso:
    enabled: true
    client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kibana
  license:
    trial: true
  values:
    istio:
      # -- Toggle istio interaction.
      enabled: true
      hardened:
        enabled: true
        customAuthorizationPolicies: []
        # - name: "allow-nothing"
        #   enabled: true
        #   spec: {}
        prometheus:
          enabled: true
          namespaces:
            - monitoring
          principals:
            - cluster.local/ns/monitoring/sa/monitoring-grafana
            - cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager
            - cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator
            - cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus
            - cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics
            - cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter
        fluentbit:
          enabled: true
          namespaces:
            - fluentbit
          principals:
            - cluster.local/ns/fluentbit/sa/fluentbit-fluent-bit
        elasticOperator:
          enabled: true
          namespaces:
            - eck-operator 
          principals:
            - cluster.local/ns/eck-operator/sa/elastic-operator 
        mattermost:
          enabled: false
          namespaces:
            - mattermost
          principals:
            - cluster.local/ns/mattermost/sa/mattermost 
        jaeger:
          enabled: true
          namespaces:
          - jaeger
          principals:
          - cluster.local/ns/jaeger/sa/jaeger
          - cluster.local/ns/jaeger/sa/jaeger-instance
          - cluster.local/ns/jaeger/sa/default

monitoring:
  enabled: true
  sso:
    enabled: true
    prometheus:
      client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-prometheus
    alertmanager:
      client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-alertmanager


kiali:
  enabled: true
  sso:
    enabled: true
    client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kiali
  values:
    image:
      tag: v1.78.0@sha256:d8b8e5253540c0e78042dfc689acd61dd3add8260a760e7e9fb6a300731d0866

jaeger:
  enabled: true
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/jaeger.git
    tag: null
    branch: "58-implement-istio-authorization-policies"
  sso:
    enabled: true
    client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-jaeger
  values:
    istio:
      enabled: true
      jaeger:
        enabled: true
      hardened:
        enabled: true
        prometheus:
          enabled: true
          namespaces:
            - monitoring
          principals:
            - cluster.local/ns/monitoring/sa/monitoring-grafana
            - cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager
            - cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator
            - cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus
            - cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics
            - cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter
    elasticsearch:
      enabled: true


fluentbit:
  enabled: true

addons:
  authservice:
    enabled: true

Relevant logs/screenshots

No relevant logs or screenshots; following the manual testing steps is successful.

Linked Issue

#58 (closed)

Upgrade Notices

N/A

Edited by Jimmy Ungerman
