diff --git a/CHANGELOG.md b/CHANGELOG.md
index 47fcdfc07c67371fe4a2228e3b69e2eea3660c6c..40ebe1e376be436214d4752dbadd3ad955912fbf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.10.4-bb.1]
+### Changed
+- Added authservice as extension provider
+
 ## [1.10.4-bb.0]
 ### Changed
 - Update to Istio 1.10.4
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 0843c2493f5666806fba697cd12f5431997c907c..76fe62f5ed161c0f33956353fd89727e5ab4c748 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,3 +1,3 @@
 apiVersion: v2
 name: istio
-version: 1.10.4-bb.0
+version: 1.10.4-bb.1
diff --git a/chart/templates/controlplane.yaml b/chart/templates/controlplane.yaml
index 281edcdfa2abb0f8297e8d40f01f6054995057b6..e3e9d611ff787594318cf904f5ef7e05598245dc 100644
--- a/chart/templates/controlplane.yaml
+++ b/chart/templates/controlplane.yaml
@@ -74,6 +74,13 @@ spec:
 meshConfig:
 accessLogFile: /dev/stdout
 enableTracing: {{ .Values.tracing.enabled }}
+ {{- if .Values.authservice.enabled }}
+ extensionProviders:
+ - name: "authservice"
+ envoyExtAuthzGrpc:
+ service: "authservice.authservice.svc.cluster.local"
+ port: "10003"
+ {{- end }}
 defaultConfig:
 tracing:
 sampling: {{ .Values.tracing.sampling }}
diff --git a/chart/values.yaml b/chart/values.yaml
index d0034e8b11db0debb6671965c53aa8752334e163..769b6316f66b93d94dfebd0a5142e64afa771762 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
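Review bot: In chart/templates/controlplane.yaml the new `extensionProviders` entry hard-codes `service: "authservice.authservice.svc.cluster.local"` and `port: "10003"`, so a cluster that runs authservice in another namespace, on another port, or under a non-default cluster domain ends up with a provider that points at nothing. Consider taking both from values, for example `service: {{ .Values.authservice.service | quote }}` and `port: {{ .Values.authservice.port | quote }}` (proposed keys, with the current literals as their defaults). The entry also leaves `failOpen` unset; as far as I know that means requests covered by a CUSTOM policy are denied when authservice is unreachable, and a one-line comment saying this is intended would keep someone from flipping it later without noticing. The `meshConfig` block starts and continues outside the hunk.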
@@ -17,6 +17,11 @@ imagePullSecrets: []
 monitoring:
 enabled: false
 
+# If authservice is enabled, it will be added to extension providers as an external authorization system.
+# https://istio.io/latest/docs/tasks/security/authorization/authz-custom/
+authservice:
+ enabled: false
+
 # Ingress gateways
 # The following items are automatically set for every ingress gateway:
 # - label: "app: {name of ingress gateway}"
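Review bot: The comment above `authservice:` says what the flag registers but not that it enforces nothing on its own: the provider is only consulted once an AuthorizationPolicy with `action: CUSTOM` names it. I would add a line such as `# Registers the provider only; apply an AuthorizationPolicy (action: CUSTOM, provider name "authservice") to send traffic to it.` so that enabling the flag is not mistaken for turning on authentication. It is also worth noting there that the template expects authservice at `authservice.authservice.svc.cluster.local` on port `10003`.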