Robert Massey requested to merge 78-implement-istio-authorization-policies into main Jan 09, 2024

General MR

Summary

Set up Istio Authorization Policies

Relevant logs/screenshots

Testing Instructions:

Deploy bigbang with the following overrides file:

clusterAuditor:
  enabled: false

gatekeeper:
  enabled: false

istioOperator:
  enabled: true

istio:
  enabled: true

jaeger:
  enabled: false

kiali:
  enabled: false

elasticsearchKibana:
  enabled: false

eckOperator:
  enabled: false

fluentbit:
  enabled: false

monitoring:
  enabled: true

twistlock:
  enabled: false

addons:
  sonarqube:
    enabled: true
    git:
      tag: null
      branch: "78-implement-istio-authorization-policies"
    values:
      istio:
        enabled: true
        hardened:
          enabled: true

Go to sonarqube.bigbang.dev, and verify sonarqube comes up.
Delete the allow-http policy with the following command:

kubectl delete authorizationpolicy allow-http-policy -n sonarqube

Refresh sonarqube.bigbang.dev, and confirm that app goes down.

Linked Issue

issue

Upgrade Notices

N/A

Edited Jan 17, 2024 by Robert Massey

Admin message

Admin message

Setup for Istio Authorization Policies

General MR

Summary

Relevant logs/screenshots

Linked Issue

Upgrade Notices

Merge request reports