Adds authservice as extension provider

da7eff90 · Stanislav Bondarenko · michaelmcleroy · c72b6e3f · da7eff90 · da7eff90
Commit da7eff90 authored Sep 07, 2021 by Stanislav Bondarenko Committed by michaelmcleroy Sep 07, 2021
Showing with 19 additions and 1 deletion

CHANGELOG.md CHANGELOG.md +6 -0

chart/Chart.yaml chart/Chart.yaml +1 -1

chart/templates/controlplane.yaml chart/templates/controlplane.yaml +7 -0

chart/values.yaml chart/values.yaml +5 -0

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.10.4-bb.2]
+### Changed
+- Added authservice as extension provider
 ## [1.10.4-bb.1]
 ### Changed

--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
 apiVersion: v2
 name: istio
-version: 1.10.4-bb.1
+version: 1.10.4-bb.2
--- a/chart/templates/controlplane.yaml
+++ b/chart/templates/controlplane.yaml
@@ -74,6 +74,13 @@ spec:
  meshConfig:
    accessLogFile: /dev/stdout
    enableTracing: {{ .Values.tracing.enabled }}
+    {{- if .Values.authservice.enabled }}
+    extensionProviders:
+      - name: "authservice"
+        envoyExtAuthzGrpc:
+          service: "authservice.authservice.svc.cluster.local"
+          port: "10003"
+    {{- end }}
    defaultConfig:
      tracing:
        sampling: {{ .Values.tracing.sampling }}

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -17,6 +17,11 @@ imagePullSecrets: []
 monitoring:
  enabled: false
+# If authservice is enabled, it will be added to extension providers as an external authorization system.
+# https://istio.io/latest/docs/tasks/security/authorization/authz-custom/
+authservice:
+  enabled: false
 # Ingress gateways
 # The following items are automatically set for every ingress gateway:
 # - label: "app: {name of ingress gateway}"