KubeZero/charts/kubezero-telemetry/templates/jaeger/istio-authorization-policy.yaml

{{- if .Values.jaeger.istio.enabled }}
{{- if .Values.jaeger.istio.ipBlocks }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: jaeger-deny-not-in-ipblocks
  namespace: istio-system
  labels:
    {{- include "kubezero-lib.labels" . | nindent 4 }}
spec:
  selector:
    matchLabels:
      app: istio-ingressgateway
  action: DENY
  rules:
  - from:
    - source:
        notIpBlocks:
        {{- toYaml .Values.jaeger.istio.ipBlocks | nindent 8 }}
    to:
    - operation:
        hosts: [{{ .Values.jaeger.istio.url }}]
    when:
    - key: connection.sni
      values:
      - '*'
{{- end }}
{{- end }}
Feat: KubeZero-Telemetry module incl. Jaeger Collector/UI and OpenSearch 2024-02-09 16:24:37 +00:00			`{{- if .Values.jaeger.istio.enabled }}`
			`{{- if .Values.jaeger.istio.ipBlocks }}`
			`apiVersion: security.istio.io/v1beta1`
			`kind: AuthorizationPolicy`
			`metadata:`
			`name: jaeger-deny-not-in-ipblocks`
			`namespace: istio-system`
			`labels:`
			`{{- include "kubezero-lib.labels" . \| nindent 4 }}`
			`spec:`
			`selector:`
			`matchLabels:`
			`app: istio-ingressgateway`
			`action: DENY`
			`rules:`
			`- from:`
			`- source:`
			`notIpBlocks:`
			`{{- toYaml .Values.jaeger.istio.ipBlocks \| nindent 8 }}`
			`to:`
			`- operation:`
			`hosts: [{{ .Values.jaeger.istio.url }}]`
			`when:`
			`- key: connection.sni`
			`values:`
			`- '*'`
			`{{- end }}`
			`{{- end }}`