UNCLASSIFIED - NO CUI

Skip to content

Setup for Istio Authorization Policies

Robert Massey requested to merge 78-implement-istio-authorization-policies into main

General MR

Summary

Set up Istio Authorization Policies

Relevant logs/screenshots

Testing Instructions:

  1. Deploy bigbang with the following overrides file:
clusterAuditor:
  enabled: false

gatekeeper:
  enabled: false

istioOperator:
  enabled: true

istio:
  enabled: true

jaeger:
  enabled: false

kiali:
  enabled: false

elasticsearchKibana:
  enabled: false

eckOperator:
  enabled: false

fluentbit:
  enabled: false

monitoring:
  enabled: true

twistlock:
  enabled: false

addons:
  sonarqube:
    enabled: true
    git:
      tag: null
      branch: "78-implement-istio-authorization-policies"
    values:
      istio:
        enabled: true
        hardened:
          enabled: true
  1. Go to sonarqube.bigbang.dev, and verify sonarqube comes up.

  2. Delete the allow-http policy with the following command:

kubectl delete authorizationpolicy allow-http-policy -n sonarqube
  1. Refresh sonarqube.bigbang.dev, and confirm that app goes down.

Linked Issue

issue

Upgrade Notices

N/A

Edited by Robert Massey

Merge request reports