KubeZero/charts/kubezero-ci/templates/jenkins/istio-authorization-policy.yaml

27 lines
663 B
YAML
Raw Permalink Normal View History

{{- if and .Values.jenkins.enabled .Values.jenkins.istio.enabled .Values.jenkins.istio.ipBlocks }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: {{ .Release.Name }}-deny-not-in-ipblocks
namespace: istio-system
labels:
{{- include "kubezero-lib.labels" $ | nindent 4 }}
spec:
selector:
matchLabels:
app: istio-ingressgateway
action: DENY
rules:
- from:
- source:
notIpBlocks:
{{- toYaml .Values.jenkins.istio.ipBlocks | nindent 8 }}
to:
- operation:
hosts: ["{{ .Values.jenkins.istio.url }}"]
2022-01-28 16:22:39 +00:00
when:
- key: connection.sni
values:
- '*'
{{- end }}